Lesson 2 - Defining the Rules of Engagement

Question 1

If you want to test your Internal IT Team what is the best assessment type to utilize

Answer 1

Red Team vs Blue Team
Adversary vs Defense

Question 2

What is the best strategy if the client wants you to fully act like a Bad Actor

Answer 2

Unknown Environment - completely in Dark

Question 3

T or F should the PenTest engagement review any non-security related items such as backups?

Answer 3

True - yes. these should all be addressed during the confirmation of the scope.

Question 4

What is a requirement for avoiding liabilities during a PenTest Engagement

Answer 4

Must ensure Confidentiality based on local, state and Federal requirements such as:
Gramm-Leach-Biley Act (GLBA) requiring financial institutions
Drivers Privacy Protection Act - state DMV
HIPAA

Question 5

What is the contract that establishes precedence and guidelines for any business documents that are executed between two parties

Answer 5

Master Services Agreement

Question 6

If a party wants to see details on what is being performed, timeline, deliverables, and expectations of invoicing where would they find that

Answer 6

Scope of Work

Question 7

What is the contract that sets the service requirements and PenTest Process

Answer 7

Service Level Agreement

processing requirements for confidential and private data