What best describes scope creep in a penetration test?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What best describes scope creep in a penetration test?

Explanation:
Scope creep in a penetration test means the engagement expands beyond what was originally agreed, often without formal approvals. The described scenario fits this idea: a misunderstanding leads to adding more systems, target networks, and types of testing as the test proceeds, which makes the engagement dangerous and costly for the tester. This uncontrolled growth is exactly what makes scope creep risky, because it can invalidate the contract, violate laws or rules of engagement, and blow up timelines and budgets. In contrast, a planned expansion would be a deliberate, documented change with approvals, stopping short of true scope creep; testers refusing to expand or the client reducing requirements reflect staying within or shrinking the scope, not creep.

