CompTIA PenTest+ (PT0-003) — Question 73

During a web application assessment, a penetration tester identifies an administrative tool that would allow for the production database to be deleted without authorization. Which of the following is most important for the penetration tester to consider before proceeding with testing?

Answer options

• A. Rules of engagement
• B. Business continuity planning
• C. Agreed-upon testing hours
• D. Application terms of use

Correct answer: A

Explanation

The most critical factor to consider is the Rules of engagement, as they outline the boundaries and permissions for testing, ensuring that the tester operates within legal and ethical guidelines. While business continuity planning, agreed-upon testing hours, and application terms of use are important, they do not take precedence over having clear rules that govern the testing process.