Free CompTIA PenTest+ PT0-002 Practice Question
During the initial meeting with a client for a penetration testing project, the client specifies that they want a comprehensive assessment of their infrastructure within a strict timeline. However, the client has numerous third-party hosted services that are critical to their operations. As an ethical hacker, which of the following steps is MOST important to perform next?
Advice the client that testing third-party services is not required since it is beyond the client's direct control.
Immediately start testing the client's internal network to map out all accessible devices and services.
Assume responsibility for any legal issues with third-party vendors that might arise during the testing procedure.
Validate the scope of engagement by questioning the client and reviewing the contracts pertaining to the third-party services.
