The organization will provide the limits and scope of the testing to the security services firm that will conduct a penetration test. The limits and scope of the testing define the boundaries, objectives, and rules of engagement for the penetration test, such as the target systems, the testing methods, the testing duration, the testing schedule, the testing team, the testing tools, the testing reporting, and the testing authorization. The limits and scope of the testing are essential for ensuring the legality, the ethics, and the effectiveness of the penetration test.
B. Physical location of server room and wiring closet is not something that the organization will provide to the security services firm that will conduct a penetration test, as it could compromise the security and the integrity of the network infrastructure and the testing results.
C. Logical location of filters and concentrators is not something that the organization will provide to the security services firm that will conduct a penetration test, as it could reveal the network architecture and the security controls and affect the testing accuracy and validity.
D. Employee directory and organizational chart is not something that the organization will provide to the security services firm that will conduct a penetration test, as it could violate the privacy and the confidentiality of the employees and the organization.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 427; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, page 381
