CompTIA CySA+ (CS0-001) — Question 123

Which of the following describes why it is important to include scope within the rules of engagement of a penetration test?

Answer options

• A. To ensure the network segment being tested has been properly secured
• B. To ensure servers are not impacted and service is not degraded
• C. To ensure all systems being scanned are owned by the company
• D. To ensure sensitive hosts are not scanned

Correct answer: C

Explanation

Including scope in the rules of engagement is crucial to ensure that all systems being tested are owned by the company, which is the correct answer (C). This avoids potential legal issues and ensures that the testing is conducted on authorized assets. Options A, B, and D, while important considerations, do not address the ownership aspect, which is vital for ethical penetration testing.