There are areas within RoE and SoW that repeat.
SoW - Scope of work, which might also include Domain, IP Ranges etc.
RoE - Allowed targets, which also include Domain, IP Ranges etc.
As usual - TERRIBLE questions, CompTIA.
The Statement of Work (SOW) is a document that outlines the scope, objectives, deliverables, and other details of a project, including a penetration test.
In the context of a penetration test, the SOW specifies the target scope, which includes the domain names, IP ranges, hosts, applications, and any other assets that the penetration tester is authorized to assess.
By defining the scope in the SOW, both the client and the penetration testing team have a clear understanding of what is included and excluded from the assessment, helping to ensure that the testing activities align with the client's objectives and requirements.
C. ROE (Rules of Engagement): ROE documents outline the rules, procedures, limitations, and guidelines that govern the conduct of the penetration test. While they may specify how the test is conducted, they generally do not define the technical scope in terms of domain names, IP ranges, hosts, and applications.
During a penetration test, the details like domain names, IP ranges, hosts, and applications are typically defined in the:
C. ROE (Rules of Engagement)
The Rules of Engagement document outlines the scope, boundaries, methods, and other specific details of the test. It ensures that both the client and the tester understand what is allowed and expected during the testing.
Here's a brief overview of the other terms:
A. SOW (Statement of Work): This document describes the overall objectives and deliverables for a project but might not include the specific technical details mentioned in the question.
B. SLA (Service Level Agreement): This defines the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured.
D. NDA (Non-Disclosure Agreement): This is a legal contract that outlines the sharing of certain information between parties but restricts the further dissemination of that information.
The domain names, IP ranges, hosts, and applications that are included in a penetration test are typically defined in the scope of work (SOW). Therefore, the correct answer is A.
abdulrishad I know you'll add your little "the answer is..." but you're wrong. The answer is A.
I think it would probably be in both the SOW and ROE, however it says "During a penetration test" which steers me towards the hands-on phase of a pentest. For that reason ROE, C.
The domain names, IP ranges, hosts, and applications are defined in the SOW (Statement of Work). The SOW is the agreement between the client and the security firm, and outlines the scope of work and expected deliverables. The SLA (Service-Level Agreement) is a contract detailing the service level expectations of the security firm and the customer, while the ROE (Rules of Engagement) provides guidance on how ethical hackers should conduct their tests. Finally, an NDA (Non-Disclosure Agreement) is used to outline the confidential information that can be shared between the two parties.
ROE is the scope, or limits, of the tests. The ROE includes the dates and times that testing will be performed; what IP addresses the tester will be using to conduct the tests; and what devices or web applications will be in scope, specifically identified by IPs and URLs. The ROE may also include a list of IPs or hostnames that are off limits, or out of scope.
C is the correct answer
The Rules of Engagement
ROE is the scope, or limits, of the tests. The ROE includes the dates and times that testing will be performed; what IP addresses the tester will be using to conduct the tests; and what devices or web applications will be in scope, specifically identified by IPs and URLs. The ROE may also include a list of IPs or hostnames that are off limits, or out of scope.
It should have the penetration tester’s contact information or someone who can directly assist you during testing. There may be times where you will want to speak with the tester, especially if things are transpiring on your network during the active testing.
This happened to a client of MainNerve’s. The client’s internet line was not up and running at the time of their annual penetration test. This is most likely because of a fiber cut from construction. The client called to see if it was from MainNerve testing, but our tester hadn’t engaged yet.
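An added example, not from the thread and not MainNerve's code: the four ROE items listed above (testing window, tester source IPs, in-scope targets by IP/CIDR and URL, and an explicit exclusion list) are exactly what a pre-scan scope gate should check before any tool fires at a target. The ROE data below is constructed for illustration and its field names are assumptions; a real ROE is prose, so the first job on an engagement is transcribing it into something machine-checkable like this. The one rule worth noticing is that exclusions are evaluated first, so an out-of-scope host sitting inside an in-scope range stays off limits.

```python
import ipaddress
from datetime import datetime
from urllib.parse import urlparse

# Constructed example ROE, not from any real engagement. The field names are
# assumptions made for this example; real ROEs are prose documents.
ROE = {
    "in_scope_cidrs": ["203.0.113.0/24", "198.51.100.0/25"],
    "in_scope_hosts": ["app.example.com", "api.example.com"],
    "out_of_scope": ["203.0.113.5", "198.51.100.0/28", "db.example.com"],
    "tester_source_ips": ["192.0.2.10", "192.0.2.11"],
    # Agreed testing window, UTC, inclusive at both ends.
    "window_utc": ("2024-06-01T00:00:00", "2024-06-14T23:59:59"),
}


def _as_network(value):
    """Return an ip_network for an IP or CIDR string, or None for a hostname."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None


def _contained(net, container):
    """True if net lies inside container (same IP version only)."""
    return net.version == container.version and net.subnet_of(container)


def _host_of(target):
    """Strip a URL down to its host; bare hostnames and IPs pass through."""
    if "://" in target:
        return (urlparse(target).hostname or "").lower()
    return target.split("/")[0].lower()


def target_status(roe, target):
    """Classify a target as 'excluded', 'allowed' or 'unscoped'.

    Exclusions are checked first: an out-of-scope host that sits inside an
    in-scope range is still off limits, which is the usual ROE convention.
    """
    host = _host_of(target)
    net = _as_network(host)
    for entry in roe["out_of_scope"]:
        entry_net = _as_network(entry)
        if net is not None and entry_net is not None and _contained(net, entry_net):
            return "excluded"
        if net is None and entry_net is None and host == entry.lower():
            return "excluded"
    if net is not None:
        if any(_contained(net, ipaddress.ip_network(c)) for c in roe["in_scope_cidrs"]):
            return "allowed"
    elif host in (h.lower() for h in roe["in_scope_hosts"]):
        return "allowed"
    return "unscoped"


def within_window(roe, when_iso):
    """True if the ISO-8601 UTC timestamp falls inside the agreed window."""
    start, end = (datetime.fromisoformat(t) for t in roe["window_utc"])
    return start <= datetime.fromisoformat(when_iso) <= end


def source_authorized(roe, source_ip):
    """True if the tester is coming from an address the client was told about."""
    return source_ip in roe["tester_source_ips"]


def authorize(roe, target, source_ip, when_iso):
    """Gate a single test action on all three ROE conditions.

    Returns (allowed, reason); the reason is meant for the engagement log so
    a refused action can be explained to the client later.
    """
    if not source_authorized(roe, source_ip):
        return False, f"source {source_ip} is not a declared tester address"
    if not within_window(roe, when_iso):
        return False, f"{when_iso} is outside the agreed testing window"
    status = target_status(roe, target)
    if status != "allowed":
        return False, f"{target} is {status}"
    return True, f"{target} is in scope"


if __name__ == "__main__":
    for tgt in ["203.0.113.7", "203.0.113.5", "198.51.100.3",
                "https://app.example.com/login", "db.example.com", "10.0.0.1"]:
        print(tgt, authorize(ROE, tgt, "192.0.2.10", "2024-06-03T12:00:00"))
```

Anything a scanner wrapper refuses here should be logged with the reason rather than silently skipped, because the refusal itself is evidence that the tester stayed inside the ROE if a client later asks, as in the MainNerve anecdote above, whether an outage was caused by testing.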
During a penetration test, the domain names, IP ranges, hosts, and applications are typically defined in the SOW (Statement of Work). The SOW outlines the details of the agreement between the client and the security company, including the scope of the assessment and any expectations the client may have.
The domain names, IP ranges, hosts, and applications that will be tested during a penetration test are typically defined in the SOW (Statement of Work).
I think the most important part of this question is the word "defined". There may be multiple documents that contain IP ranges and host/application info... but in which document are those items FIRST defined?
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters:
Neolot (Highly Voted, 2 years, 2 months ago)
Incognito09 (Highly Voted, 2 years, 2 months ago)
Sebatian20 (Most Recent, 7 months, 2 weeks ago)
Hedwig74 (8 months, 3 weeks ago)
deeden (9 months, 2 weeks ago)
deeden (9 months, 2 weeks ago)
solutionz (1 year, 4 months ago)
kips (1 year, 5 months ago)
[Removed] (1 year, 8 months ago)
AaronS1990 (1 year, 8 months ago)
KingIT_ENG (1 year, 9 months ago)
nickwen007 (1 year, 9 months ago)
[Removed] (1 year, 9 months ago)
[Removed] (1 year, 9 months ago)
[Removed] (1 year, 9 months ago)
nickwen007 (1 year, 9 months ago)
[Removed] (1 year, 9 months ago)
[Removed] (1 year, 9 months ago)
cy_analyst (1 year, 9 months ago)
[Removed] (1 year, 9 months ago)
cy_analyst (1 year, 9 months ago)
Oushi (1 year, 10 months ago)
kloug (1 year, 10 months ago)
[Removed] (1 year, 10 months ago)