As a penetration tester, you are contracted to perform a security assessment for a company that utilizes multiple public cloud services. Which of the following considerations is MOST important when defining the scope of your penetration test?
Secure the written permission to attack from local government authorities.
Determine if other organizations hosted by the same provider inadvertently come into scope.
Ensure the cloud service provider's policy for penetration testing is followed.
Select the tools that will be used during the engagement.
Understanding and adhering to the cloud service provider's policy is most important because it dictates what actions can and cannot be taken within the provider's environment. Conducting activities beyond allowed limits may result in account suspension or legal consequences. While knowing the tools to be used and assessing if the organization inadvertently comes into scope are also important, they follow the guidelines outlined by the providers' policies for testing.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a cloud service provider's policy for penetration testing?
Open an interactive chat with Bash
Why is it important to secure written permission for penetration testing?
Open an interactive chat with Bash
What does it mean for an organization to inadvertently come into scope during a penetration test?