Section 2: Scoping an Engagement

Question 1

Cloud Services

Answer 1

Software as a Service (SaaS)
● The service provider provides the client organization with a
complete solution (MicrosoftOffice365)
Infrastructure as a Service (IaaS)
● The service provider provides dynamic allocation of additional
resources without requiring clients to buy the hardware and
underlying operating systems (Cloud based Web Server)
Platform as a Service (PaaS)
● The service provider provides the client organization with the
hardware and software needed for a specific service to operate

SaaS = Software
IaaS = Hardware
PaaS = Software and Hardware

Question 2

Regulations: Wassenaar Arrangement

Answer 2

● Outlaws the exportation of a technology that can be used both in a regular commercial setting and as a weapon

Many penetration testing tools are also considered surveillance
tools under the Wassenaar Agreement

o Encryption
o Wireshark

Question 3

Which assessment type is most like a real attack?

Answer 3

Objective-Based

This is because you are able to be creative with methods and techniques. It doesn’t matter how you get there as long as you accomplish the objective.