An employee of a cybersecurity consulting firm in the U.S. is assigned to help assess the system and operation vulnerabilities of several financial institutions in Europe. The task includes penetration tests for compliance. What is a key element the employee must have before starting the assignment?

An employee of a cybersecurity consulting firm in the U.S. is assigned to help assess the system and operation vulnerabilities of several financial institutions in Europe. The task includes penetration tests for compliance. What is a key element the employee must have before starting the assignment?

• state-of-the-art penetration testing tools
• valid user credentials to perform tests at each client institution
• detailed network diagrams and asset inventories from each client institution
• documentation of permission for performing the tests from the client institutions

Explanation: An employee performing penetration testing should be aware of any local restrictions. Countries may have specific country limitations and local laws that may restrict whether the employee can perform some tasks as a penetration tester. The employee must always have clear documentation from the client indicating that permission to perform the testing is granted.

Exam with this question: 2.4.3 Quiz - Planning and Scoping a Penetration Testing Assessment Answers