Exam CISA topic 1 question 523 discussion

The first step is to obtain management consent. The scope will be based on what management agrees upon during the consent process.

Defining the testing scope is crucial as it outlines the boundaries, objectives, and limitations of the penetration test. It helps determine what systems, networks, applications, or assets will be included in the test and specifies the goals and targets of the assessment. Additionally, defining the scope ensures that the penetration test focuses on areas of highest risk or concern to the organization, aligns with business objectives, and meets regulatory requirements. Once the testing scope is established, the organization can proceed with obtaining management consent for the testing (Option C). Management consent is essential to ensure that stakeholders are aware of the planned activities, potential impacts, and expected outcomes of the penetration test. However, without a clearly defined testing scope, it may be challenging to obtain informed consent from management.

I change my answer to C. According to CRM, chapter 5 page 335, it is imperative to obtain Management’s consent in writing before finalization of the test/ engagement scope. The chosen answer C is correct

You write a memo of what you want to do first before approval. Definition of scope come first so A is the answer

A is answer.

The scope should be stated in the approval. Hence, scope definition comes first!

tHE ANSWER IS a https://www.imperva.com/learn/application-security/penetration-testing/#:~:text=The%20first%20stage%20involves%3A,works%20and%20its%20potential%20vulnerabilities.

Agree, First step should be Scope, management consent follow

Must be A. Define testing scope