During final coordination with a client, they reveal that certain database servers must not be examined to meet internal regulations. Which step helps guarantee these restrictions remain in place during the security review?
Record those specific servers in the engagement documentation to ensure they are documented as out of scope
Include them in documentation for analysis, but avoid exploitation efforts
Conduct limited assessments to ensure their protection
Placing off-limit items in the engagement paperwork provides a clear directive to avoid testing them. Written documentation reduces misunderstandings and holds parties accountable. Other choices either risk unintended scanning or rely on incomplete arrangements, which can cause compliance problems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is meant by 'engagement documentation' in a security review?
Open an interactive chat with Bash
Why is written documentation preferred over verbal agreements for security testing restrictions?
Open an interactive chat with Bash
How does 'out-of-scope' designation help ensure compliance during penetration testing?