CompTIA CySA+ (CS0-001) — Question 193
As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Choose two.)
Answer options
- A. Timing of the scan
- B. Contents of the executive summary report
- C. Excluded hosts
- D. Maintenance windows
- E. IPS configuration
- F. Incident response policies
Correct answer: A, C
Explanation
The correct answers are A and C because the SOW (statement of work) typically outlines the timing of the scan and any hosts that are excluded from testing, which keeps the scan compliant and minimizes disruption. Options B, D, E, and F, while important, are not standard SOW elements that relate to the specifics of the penetration testing engagement.