CompTIA PenTest+ (PT1-002) — Question 7
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
Answer options
- A. Ensure the client has signed the SOW.
- B. Verify the client has granted network access to the hot site.
- C. Determine if the failover environment relies on resources not owned by the client.
- D. Establish communication and escalation procedures with the client.
Correct answer: A
Explanation
The most critical action is to ensure the client has signed the statement of work (SOW), because the signed SOW formalizes the agreement and the scope of the penetration test. Without this agreement, the assessment could lead to legal issues or misunderstandings about the objectives. The other options, while important, are secondary to having a clear and binding contract in place.