CompTIA PenTest+ 02 — Lesson 2
Defining the Rules of Engagement
LESSON INTRODUCTION
A structured PenTest will help ensure the organization has enacted best practices for handling customer data. The team needs to be aware of any environmental and location restrictions that will govern their behavior during the exercise.
In addition, you’ll need to obtain a target list of in-scope assets. During the assessment, the team may be asked to conduct additional tests. However, it’s essential that the team is aware of the consequences of testing beyond the defined scope. Once you have gathered all relevant information, you’ll need to validate the scope of engagement so that all parties agree on the terms. Finally, prior to beginning the PenTest, the team must prepare several legal documents that outline the scope and terms of the project.
Lesson Objectives
In this lesson, you will:
• Recognize environmental considerations, such as resources in the network and applications in the cloud, along with location restrictions that may impact testing.
• Outline target list/in-scope assets by gathering logical and physical diagrams, Internet Protocol (IP) addresses, and domains.
• Define and validate the rules of engagement for safely conducting the Penetration Testing exercise within an organization.
• Prepare legal documents related to the Penetration Testing exercise.
Topic 2A Assess Environmental Considerations
Topic 2B Outline the Rules of Engagement
Topic 2C Prepare Legal Documents
Lesson 2 Summary