CompTIA PenTest+ (PT0-001) — Question 163
When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future breach of the client's systems?
Answer options
- A. The proposed mitigations and remediations in the final report do not include a cost-benefit analysis.
- B. The NDA protects the consulting firm from future liabilities in the event of a breach.
- C. The assessment reviewed the cyber key terrain and most critical assets of the client's network.
- D. The penetration test is based on the state of the system and its configuration at the time of assessment.
Correct answer: D
Explanation
The correct answer is D because it clarifies that the penetration test results reflect the system's state and configuration at the time of the assessment, which helps limit liability for changes that occur afterward. Options A and C do not address liability directly, while option B incorrectly implies that NDAs cover breach liabilities, which is typically not the case.