Question: 1/50
During planning, a client states the test must not impact a third-party SaaS provider that is accessed through the client’s environment. Which document element BEST ensures the tester stays compliant with this requirement?
Rules of engagement explicitly listing excluded targets and third-party systems
A vulnerability scan report template with severity ratings
A packet capture plan for all egress interfaces
An escalation matrix listing security leadership contacts