In a merger penetration test scope, which item should be included?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Ethical Hacker (CEH) Certification. Master concepts with flashcards and multiple choice questions, each enriching your understanding. Ready yourself to succeed in your exam!

Multiple Choice

In a merger penetration test scope, which item should be included?

Explanation:
In a merger penetration test, the scope must cover how people and organizational practices influence security. The way employees from both organizations behave, follow policies, and interact with processes can create real risk—often more so than any single technical control. Company culture shapes security awareness, incident response readiness, access management discipline, and how smoothly security policies are adopted across the merged entity. If cultural differences aren’t considered, testers may miss vulnerabilities that arise from inconsistent training, conflicting procedures, or different risk tolerances, such as weak onboarding, rushed privilege provisioning, or poor cross‑team coordination. Salaries, office furniture, and brand color don’t affect the security controls or risk posture the test is designed to evaluate, so they aren’t relevant to the scope. Therefore, including company culture makes the most sense because it directly impacts how security is practiced in the merged organization.

In a merger penetration test, the scope must cover how people and organizational practices influence security. The way employees from both organizations behave, follow policies, and interact with processes can create real risk—often more so than any single technical control. Company culture shapes security awareness, incident response readiness, access management discipline, and how smoothly security policies are adopted across the merged entity. If cultural differences aren’t considered, testers may miss vulnerabilities that arise from inconsistent training, conflicting procedures, or different risk tolerances, such as weak onboarding, rushed privilege provisioning, or poor cross‑team coordination.

Salaries, office furniture, and brand color don’t affect the security controls or risk posture the test is designed to evaluate, so they aren’t relevant to the scope. Therefore, including company culture makes the most sense because it directly impacts how security is practiced in the merged organization.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy