CompTIA PenTest+ (PT0-002) — Question 140

Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?

Answer options

• A. MSA
• B. NDA
• C. SOW
• D. ROE

Correct answer: B

Explanation

The correct answer is B, NDA (Non-Disclosure Agreement), as it specifically governs the confidentiality of information exchanged during the engagement. The other options, such as MSA (Master Service Agreement), SOW (Statement of Work), and ROE (Rules of Engagement), while important, do not primarily address the management of sensitive information.