What is the purpose of a rules of engagement (RoE) document?
- A. To provide a timeline for the entire engagement
- B. To list all tools that will be used during the test
- C. To document all vulnerabilities found
- D. To establish legal boundaries and expectations for the penetration test ✓
Correct answer: To establish legal boundaries and expectations for the penetration test
Option D is correct because a Rules of Engagement document formally defines the legal and operational boundaries of a penetration test, specifying what is in scope, what actions are permitted, who has authorized the test, and the conditions under which testing must stop, thereby protecting both the tester and the organization legally. Option A is incorrect because the project timeline is typically documented in the Statement of Work or the overall engagement contract, not specifically in the Rules of Engagement. Option B is incorrect because tool lists may be discussed during scoping but are not the primary purpose of the RoE; the RoE focuses on boundaries and authorization rather than tooling details. Option C is incorrect because documenting vulnerabilities found is the purpose of the penetration test report or findings log, which is produced after testing, not before.
Topic: rules of engagement, penetration testing, legal authorization, scope definition