During final coordination with a client, they reveal that certain database servers must not be examined to meet internal regulations. Which step helps guarantee these restrictions remain in place during the security review?
Conduct limited assessments to ensure their protection
Record those specific servers in the engagement documentation to ensure they are documented as out of scope
Listing off-limits items in the engagement paperwork provides a clear directive to avoid testing them. Written documentation reduces misunderstandings and holds parties accountable. The other choices either risk unintended scanning or rely on incomplete arrangements, which can cause compliance problems.