Certified Information Systems Auditor (CISA) — Question 206
Which of the following is MOST important to ensure when planning a black box penetration test?
Answer options
- A. The management of the client organization is aware of the testing.
- B. The test results will be documented and communicated to management.
- C. Diagrams of the organization's network architecture are available.
- D. The environment and penetration test scope have been determined.
Correct answer: D
Explanation
Determining the environment and scope of the penetration test is crucial because it defines the boundaries and objectives of the testing process. Informing management, documenting results, and having network diagrams are important, but they are secondary to clearly defining what will be tested and how, which is what the scope captures.