Certified Information Security Manager (CISM) — Question 1004

When engaging an external party to perform a penetration test, it is MOST important to:

Answer options

• A. provide an updated asset inventory.
• B. notify employees of the testing.
• C. define the project scope.
• D. provide network documentation.

Correct answer: C

Explanation

Defining the project scope is essential as it sets clear expectations and parameters for the penetration test, ensuring that all parties understand what will be tested. While providing an updated asset inventory, notifying employees, and offering network documentation are important, they are secondary to having a well-defined scope that guides the overall testing process.