GIAC Penetration Tester (GPEN) — Question 64
You suspect that system administrators In one part of the target organization are turning off their systems during the times when penetration tests are scheduled, what feature could you add to the ' Rules of engagement' that could help your team test that part of the target organization?
Answer options
- A. Un announced test
- B. Tell response personnel the exact lime the test will occur
- C. Test systems after normal business hours
- D. Limit tests to business hours
Correct answer: C
Explanation
The correct answer is C, as testing systems after normal business hours would reduce the likelihood of administrators shutting them down. Option A does not ensure that systems will be available for testing, while B gives prior notice that could lead to systems being turned off. Option D limits the testing to times when systems may be off, which is counterproductive.