CompTIA PenTest+ (PT0-002) — Question 196
A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment. Which of the following would have MOST effectively prevented this misunderstanding?
Answer options
- A. Prohibiting exploitation in the production environment
- B. Requiring all testers to review the scoping document carefully
- C. Never assessing the production networks
- D. Prohibiting testers from joining the team during the assessment
Correct answer: B
Explanation
The correct answer is B because requiring all testers to review the scoping document ensures that they are fully informed of the client's restrictions and expectations. The other options do not address the communication gap that occurred: prohibiting exploitation in the production environment (A) or never assessing the production networks (C) does not educate the new tester, while prohibiting testers from joining the team during the assessment (D) could hinder the assessment process.