CRISC Certified in Risk and Information Systems Control – Question541

To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

A.
clearly define the project scope
B. perform background checks on the vendor
C. notify network administrators before testing
D. require the vendor to sign a nondisclosure agreement

Correct Answer: A