CompTIA PenTest+ (PT0-002) — Question 169
The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted. Which of the following BEST identifies this concept?
Answer options
- A. Statement of work
- B. Program scope
- C. Non-disclosure agreement
- D. Rules of engagement
Correct answer: D
Explanation
The correct answer is 'Rules of engagement' because it defines the parameters and boundaries of the penetration test: which types of exercises may be conducted and when. A 'Statement of work' is the detailed description of the work to be done, while 'Program scope' defines the extent of the testing. A 'Non-disclosure agreement' is a legal contract that protects confidential information and is not related to the specific testing parameters.