Answered You can hire a professional tutor to get the answer.


I am having a hard time trying to put the best suggestions into the pasted doc below. I put what was asked of me. I have completed several other...

I am having a hard time trying to put the best suggestions into the pasted doc below. I put what was asked of me. I have completed several other different ones but stuck on these. Your edits will be a huge help as I can further elaborate on your input.


Please review and critique the following External Network Penetration Scoping Worksheet and Engagement Draft document. Is there anything that should be written differently to make things clearer, add or subtract? Put your comments or changes inside the documents in Reviewer mode. Finally, please provide a brief paragraph at the end of EACH document providing your opinion/summarizing your suggestions.



ABC External Network Penetration Test Engagement Scoping Worksheet:

1.      What are the primary goals of this engagement, as Client understands it?

2.      Besides primary contact, is ABC authorized to discuss testing procedures and results with anyone else at Client?

3.      What are the specific Client IP addresses to be tested during this engagement?

4.      Are there additional network ranges or domain names to be included in the test?

5.      By whom and how have these targets been verified?

6.      Are these targets specific to one physical location?

7.      Are these the only external facing IP addresses belonging to Client that might be found during ABC's initial information gathering or has the decision been made to exclude any IP addresses, network ranges or domains that ABC should be aware of as off-limits?

8.      When should the active portions of the testing be conducted? (During business hours, after business hours, only on weekends, etc.)

9.     Are there any devices in place that may impact the results of testing such as firewall, intrusion detection or prevention systems, web application firewall, etc?

10. If there are such devices and scanning is detected, will IP addresses of scanning systems be actively blocked or shunned or will they be allowed to continue in order to facilitate a full scan?

11.  Will test be announced to Client personnel and/or its IT department or will this engagement be used to measure current effectiveness of network monitoring and response?

12.  Are there any previous known incidents that ABC should be aware of or any known vulnerabilities you specifically want to check for during this test?

13.  Do you plan to include third-party hosted applications or websites, such as 3rd party Client website or email server, which would require Client to notify and obtain special permission to scan?

14.  In the case that a system is actually penetrated, how should testing proceed? Should ABC stop testing and report the successful compromise or continue and attempt to gain the highest privileges possible on the compromised system?

15.  Is this strictly a network based test or do you want social techniques utilized as well, ie attempting to get information from Client employees, etc?

Show more
Ask a Question