What is scope creep in a penetration test?

  1. Testing systems that are out of scope
  2. Adding additional testers to the project
  3. Expanding the test boundaries beyond the original agreement ✓
  4. Finding more vulnerabilities than expected

Correct answer: Expanding the test boundaries beyond the original agreement

Scope creep in a penetration test refers to the gradual or unauthorized expansion of the testing boundaries beyond what was originally defined and agreed upon in the rules of engagement or statement of work, which can expose the tester to legal liability and the client to unexpected disruption. Option A, testing out-of-scope systems, is a consequence or symptom of scope creep but describes the act itself rather than the definition of the concept. Option B, adding additional testers, is a resource management change that does not inherently alter the scope of systems or activities covered. Option D, finding more vulnerabilities than expected, is simply a discovery outcome and has no bearing on the agreed boundaries of the engagement.

Topic: scope creep, rules of engagement, penetration testing, pentest+

Practice CompTIA PenTest+ (PT0-002) Questions Free