CompTIA Security+ (SY0-701) — Question 38

Which of the following provides the details about the terms of a test with a third-party penetration tester?

Answer options

• A. Rules of engagement
• B. Supply chain analysis
• C. Right to audit clause
• D. Due diligence

Correct answer: A

Explanation

The correct answer, 'Rules of engagement', specifies the parameters and expectations for the penetration test, ensuring both parties are aligned. The other options do not directly pertain to the specifics of a penetration test; for instance, 'Supply chain analysis' focuses on evaluating supplier risks, while 'Right to audit clause' and 'Due diligence' relate more to compliance and risk management rather than test conditions.