Your client shares an extensive list of addresses on multiple networks and domain-based hosts. Which approach best prevents testing beyond the authorized boundaries?
Gather information from all addresses to identify anything that responds and include them in the test
Investigate additional endpoints if they appear during scans to cover all potential weaknesses
Exclude addresses that do not return active responses during initial scans
Obtain a precise list from the client and confirm it matches the agreement, removing any unspecified addresses
Confirming exact scope details in writing and excluding anything not specified helps testers avoid unauthorized activities. One option suggests scanning everything, which can exceed boundaries. Another suggests excluding networks based on responsiveness, which risks omitting critical resources. Another recommends investigating new endpoints when discovered, which may overstep the agreement. Ensuring all items match the contract eliminates guesswork and keeps testing within the agreed scope.