Certified Ethical Hacker (CEH v11) — Question 136
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
Answer options
- A. Service Level Agreement
- B. Project Scope
- C. Rules of Engagement
- D. Non-Disclosure Agreement
Correct answer: C
Explanation
The correct answer is C, Rules of Engagement, which defines the parameters of the testing, including what is permissible and what is not, ensuring clarity for both parties. Options A and B focus on service expectations and project outlines, which do not specifically address testing conduct and liabilities. Option D, Non-Disclosure Agreement, pertains to confidentiality but does not cover the specifics of the testing process.