CompTIA PenTest+ (PT0-002) — Question 415
A penetration test is in the scoping phase of an engagement. Which of the following describes how a penetration tester would most effectively obtain the information necessary to begin testing?
Answer options
- A. Wait for the client to tell them
- B. Start an email chain so communications are documented
- C. Ask previous penetration test providers what they looked at
- D. Send a preengagement survey to the client to fill out
Correct answer: D
Explanation
The correct answer is D because a preengagement survey is specifically designed to gather essential information from the client, ensuring that the tester has a clear understanding of the scope and objectives. Option A is ineffective because it relies on the client to take the initiative. Option B, although useful for documentation, does not actively gather the necessary information. Option C may provide insights but is not as direct or reliable as obtaining information straight from the current client.