Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
A pen tester that is testing devices and systems beyond that which is allowed by the Rules of Engagement is MOST likely involved with
Scope creep
Inadequate assessors
Expensive cost
Lack of quality
The correct response is scope creep. Security assessments similar to software development are prone to scope creep. Therefore it is important to exactly define what their organization desires to achieve at the end of the assessment and define the processes to meeting the goal. (However based on my real life experience the SA is always error prone due to human factor.) ****I disagree with the answer and part of the explanation given. If the example given in the question occurred, it should be shut down immediately as the pen tester breached the contract either due to being an (Inadequate assessor) or (Lack of Quality). However, (Scope Creep) occurs due to changing demands or needs by the customer not the pen tester as offered in the question. I don't know who wrote the question or came up with the answer but i truly hope it is not representative of the questions that will be experienced on the actual CISSP test.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.