I'm going with A and E. If I recall correctly, goals/objectives and the company policies were kind of the big first steps when planning engagement. You have to really push through that stuff. A lot had to do with cost as well.
C - I know will come up, but not in the beginning stages of engagement.
A. and C. - The most important planning for engagement is to focus on the: "Goals/Objective" - this is what the client will set in the MSA or ROE, what they want you to test. "Tolerance" - depending on if you are testing their production or development network, will determine the tolerance they are willing to accept in either environment.
I'd go for A & C.
Pentest Plan.-
Goals/ Objectives
'Tolerance to impact' would be within Risk and Contingencies
https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-information-security-testinga-practical-approach
Company policy may be important in the *decision* as to whether, or not, you want to have a pentest. But it is not usually part of the planning process. Goals and objectives are always part of the planning process.
PenTest+ Practice Tests Book
C and E. - Knowing the company policies and their tolerance to impact are two of the most important items needed to know when planning for an engagement. The others are important, but this scenario is asking for the two most important. Cybersecurity professionals widely agree that vulnerability management is a critical component of any information security program, and for this reason, many organizations mandate vulnerability scanning in corporate policy, even if that is not a regulatory requirement. The risk and impact tolerance of the organization being assessed should be used to define the scope and rules of engagement for the assessment.
Makes sense... Doesn't mean the others are wrong, this is just the MOST important... Company Policy would include any regulations that need to be met, and tolerance to impact would determine how detailed your pentest needs to be... Goals/Objectives would be defined based on those two answers, making it the "MOST important".
I think I'm changing my mind on this..... Isn't part of a pentest to determine if the company policy is meeting expectations? With that in mind, I think goals/objectives and tolerance to impact would be the best answer here. That would determine your limitations as a pentester for this engagement.