
Exam CISA topic 1 question 523 discussion

Actual exam question from Isaca's CISA
Question #: 523
Topic #: 1

Which of the following should be done FIRST when planning a penetration test?

  • A. Define the testing scope.
  • B. Determine reporting requirements for vulnerabilities.
  • C. Obtain management consent for the testing.
  • D. Execute nondisclosure agreements (NDAs).
Suggested Answer: C

Comments

1Naa
2 weeks, 2 days ago
Selected Answer: C
Obtaining management consent for the testing is the most important first step in any penetration testing process. Penetration testing can involve accessing sensitive systems, data, and infrastructure, and it is essential to have explicit authorization from management before proceeding. This ensures that the testing is legally sanctioned and aligns with the organization’s objectives and risk management processes.
upvoted 1 times
PurpleParrot
5 months ago
Selected Answer: C
The first step is to obtain management consent. The scope will be based on what management agrees upon during the consent process.
upvoted 3 times
Swallows
7 months ago
Selected Answer: A
Defining the testing scope is crucial as it outlines the boundaries, objectives, and limitations of the penetration test. It helps determine what systems, networks, applications, or assets will be included in the test and specifies the goals and targets of the assessment. Additionally, defining the scope ensures that the penetration test focuses on areas of highest risk or concern to the organization, aligns with business objectives, and meets regulatory requirements. Once the testing scope is established, the organization can proceed with obtaining management consent for the testing (Option C). Management consent is essential to ensure that stakeholders are aware of the planned activities, potential impacts, and expected outcomes of the penetration test. However, without a clearly defined testing scope, it may be challenging to obtain informed consent from management.
upvoted 2 times
Rachy
11 months, 3 weeks ago
Selected Answer: C
I change my answer to C. According to CRM, chapter 5 page 335, it is imperative to obtain Management’s consent in writing before finalization of the test/engagement scope. The chosen answer C is correct.
upvoted 4 times
Rachy
11 months, 3 weeks ago
Selected Answer: A
You write a memo of what you want to do first before approval. Definition of scope comes first, so A is the answer.
upvoted 3 times
Rachy
11 months, 3 weeks ago
I change my answer to C. According to CRM, chapter 5 page 335, it is imperative to obtain Management’s consent in writing before finalization of the test/engagement scope. The chosen answer C is correct.
upvoted 2 times
3008
1 year, 4 months ago
Selected Answer: A
A is answer.
upvoted 1 times
Femdu
1 year, 5 months ago
The scope should be stated in the approval. Hence, scope definition comes first!
upvoted 1 times
Joloms
1 year, 6 months ago
The answer is A. https://www.imperva.com/learn/application-security/penetration-testing/#:~:text=The%20first%20stage%20involves%3A,works%20and%20its%20potential%20vulnerabilities.
upvoted 1 times
hoho
1 year, 7 months ago
Agree, the first step should be scope; management consent follows.
upvoted 1 times
saado9
1 year, 8 months ago
Must be A. Define testing scope
upvoted 2 times
ItsBananass
1 year, 6 months ago
Are you going to plan for something you don't have approval for?
upvoted 5 times
AliHamza
1 year, 6 months ago
If there is no scope, then what will management approve?
upvoted 4 times
Yejide03
11 months ago
Sorry, I’m going for A.
upvoted 1 times