While preparing for a web assessment, a client shares that they have multiple registered addresses but a limited subset is authorized for evaluation. Which detail must be clarified before scanning?
It is vital to identify which host addresses are approved for testing. This confirmation keeps the assessment from extending beyond the agreed scope. Other suggestions, like reviewing logs, credentials, or naming conventions, do not confirm the precise targets to be included or excluded.