- Know the Rules of Engagement
- Know the time the customer wants the active portions (scanning, enumeration, exploitation, etc.) of the penetration test to be conducted
- How many total IP addresses are being tested?
  - How many internal IP addresses, if applicable?
  - How many external IP addresses, if applicable?
- Are there any devices in place that may impact the results of a penetration test such as a firewall, intrusion detection/prevention system, web application firewall, or load balancer?
- In the case that a system is penetrated, how should the testing team proceed?
  - Perform a local vulnerability assessment on the compromised machine?
  - Attempt to gain the highest privileges (root on Unix machines, SYSTEM or Administrator on Windows machines) on the compromised machine?
  - Perform no, minimal, dictionary, or exhaustive password attacks against local password hashes obtained (for example, /etc/shadow on Unix machines)?
- How many wireless networks are in place?
- Is a guest wireless network used? If so:
  - Does the guest network require authentication?
- What type of encryption is used on the wireless networks?
- What is the square footage of coverage?
- Will enumeration of rogue devices be necessary?
- Will the team be assessing wireless attacks against clients?
- Approximately how many clients will be using the wireless network?