Exam PT0-002 topic 1 question 29 discussion

Answer should be C: The Rules of Engagement, or ROE, are meant to list out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being testing, when its being tested, and how its being tested.

C. Testing restrictions The scope of engagement (ROE) is a document that outlines the scope, objectives, and limitations of a penetration testing engagement. One of the most important aspect that should be included in the ROE is the testing restrictions, which is a list of specific systems, networks, or devices that are out-of-bounds for the testers. The cost of the assessment (Option A) should be agreed upon prior to the engagement, but it is not typically included in the ROE. The report distribution (Option B) should be agreed upon as well, but it is not typically included in the ROE. Liability (Option D) is an important aspect that should be considered, but it is typically handled in the contract rather than in the ROE.

The ROE, or Rulesh of Engagement, is a set of guidelines used to defin the scope and objectives of an assessment. It outlines the desired outcomes and any restrictions that apply to the assessment such as permissible attack vectors or rules of engagement. The ROE should be established before the assessment begins in order to ensure that all parties involved understand the goals and limitations of the testing process.

Answer should be C

The ROE is specifically designed to determine the assessment, restricting when/what/how they get to perform the test.

Answer C. Rules of Engagement, or ROE is the correct answer.

What resources are committed to the test. In white and gray box testing scenarios, time commitments from the administrators, developers, and other experts on the targets of the test are not only useful, they can be necessary for an effective test.

The answer should be C