As a penetration tester, you are finalizing the Statement of Work (SoW) for an upcoming engagement. The client has emphasized the importance of clearly defining the objectives and deliverables. Which of the following inclusions would best fulfill the client's requirement for clarity within the SoW?
High-level goals of the penetration testing engagement without detailing the individual systems
A broad statement addressing potential risks and mitigation strategies without specifying the testing targets
A detailed list of the specific systems, applications, and networks to be tested along with the desired testing outcomes
A comprehensive biography of each penetration tester's qualifications and certifications
The correct answer is 'A detailed list of the specific systems, applications, and networks to be tested along with the desired testing outcomes'. This is because a detailed list ensures both the penetration tester and the client have a precise understanding of what will be tested and what the expected deliverables are, minimizing confusion and disagreements post-engagement. Options involving only high-level goals, the tester's qualifications, or only addressing risks, while potentially important, do not provide the detailed clarity on objectives and deliverables that is specifically requested by the client.