CompTIA PenTest+ (PT0-002) — Question 373
Which of the following documents best ensures that an external consulting firm hired to perform a penetration test understands and complies with the customer’s security policies and procedures?
Answer options
- A. ROE
- B. MOU
- C. SLA
- D. NDA
Correct answer: A
Explanation
The ROE (Rules of Engagement) is the document that outlines the scope, objectives, and procedures for the penetration test, ensuring that the consulting firm understands the client's security policies. The MOU (Memorandum of Understanding) and SLA (Service Level Agreement) focus on agreements and service expectations, while the NDA (Non-Disclosure Agreement) is primarily concerned with confidentiality, not compliance with security policies.