Which term defines the boundaries and limitations of an engagement?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which term defines the boundaries and limitations of an engagement?

Explanation:
Project scope defines the boundaries and limitations of an engagement. It lays out what is in scope and what is out of scope, along with constraints like time, resources, and acceptance criteria. In a security assessment, this includes which systems, networks, and data are authorized for testing, which testing methods are allowed, the testing window, and how findings will be reported and handled. Clear scope prevents scope creep, ensures legal authorization, and aligns expectations among stakeholders.

Risk assessment focuses on identifying and prioritizing potential threats and vulnerabilities, not specifically the boundaries of the engagement. A test plan describes how the testing will be conducted (approach, tools, steps), rather than defining the engagement’s limits. A deliverable is the output produced (like the final report or artifacts), not the scope of work itself.
