Scoping Questionnaire

How many expected live hosts?

How many IPs/CIDR ranges in scope?

How many Domains/Subdomains are in scope?

How many wireless SSIDs in scope?

How many web/mobile applications? If testing is authenticated, how many roles (standard user, admin, etc.)?

For a phishing assessment, how many users will be targeted? Will the client provide a list, or will we be required to gather this list via OSINT?

If the client is requesting a Physical Assessment, how many locations? If multiple sites are in-scope, are they geographically dispersed?

What is the objective of the Red Team Assessment? Are any activities (such as phishing or physical security attacks) out of scope?

Is a separate Active Directory Security Assessment desired?

Will network testing be conducted from an anonymous user on the network or a standard domain user?

Do we need to bypass Network Access Control (NAC)?
