Exam CISA topic 1 question 997 discussion

When conducting external penetration testing, the source IP addresses of simulated attacks are the most appropriate to include in the audit scope to distinguish between the auditor's penetration attacks and actual attacks. This information helps differentiate between simulated testing activities and real-world malicious activities. By documenting and providing the source IP addresses of simulated attacks, the organization can easily identify and filter out the auditor's activities during the analysis of logs and security monitoring systems. This ensures that the organization can distinguish between intentional testing and potential actual attacks, allowing for a more accurate assessment of the information processing environment. The other options may provide valuable information, but the source IP addresses specifically help in differentiating between the simulated attacks conducted by the auditor and any real attacks that might occur during the testing period.

The correct answer is C, Source IP addresses of simulated attacks. External penetration testing is a type of security testing that involves simulating an attack on an organization's systems and infrastructure from outside the organization's network. To distinguish between the auditor's penetration attacks and actual attacks, the IS auditor should include the source IP addresses of the simulated attacks in the audit scope for the organization. This will enable the organization to identify the source of any suspicious activity or attempted attacks and determine whether they are coming from the auditor or from an external threat actor.