GIAC Penetration Tester (GPEN) — Question 61

You have been contracted to map me network and try to compromise the servers for a client. Which of the following would be an example of scope creep' with respect to this penetration testing project?

Answer options

• A. Disclosing information forbidden in the NDA
• B. Compromising a server then escalating privileges
• C. Being asked to compromise workstations
• D. Scanning network systems slowly so you are not detected

Correct answer: B

Explanation

The correct answer, B, illustrates scope creep because it involves actions beyond the initial agreement to target only the servers, specifically escalating privileges after compromising them. Options A and C also imply potential breaches of the contract but do not directly relate to the originally defined scope of the project. D refers to a method of operation but does not indicate an expansion of the project's scope.