Certified Ethical Hacker (CEH v10) — Question 194
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing and the associated violations, and essentially protects both the organization's interests and your liabilities as a tester?
Answer options
- A. Service Level Agreement
- B. Project Scope
- C. Rules of Engagement
- D. Non-Disclosure Agreement
Correct answer: C
Explanation
The correct answer is C: the Rules of Engagement document specifically outlines the parameters, limitations, and expectations of the penetration testing process. Options A and D are agreements that deal with service levels and confidentiality, respectively, while option B, Project Scope, may define the objectives but lacks the legal protections and the specifics about violations.