[&] What should always be clearly defined before proceeding with the penetration test?
- The time of day when tests will be performed
- The testing tools to be used
- The background of the penetration tester
- The goals and scope of the engagement

[&] Why is conducting a risk assessment important during the pre-engagement phase?
- To understand the potential impact of the test on the web application and organization
- To prevent any communication issues with the client
- To identify the best testing tools to use
- To ensure the penetration tester has enough time to complete the tasks

[&] What is the primary purpose of the pre-engagement phase in a web application penetration test?
- To lay the foundation for a successful and well-planned security assessment
- To ensure the client has all the necessary penetration testing tools
- To initiate the actual testing activities
- To perform risk assessment and acceptance

[&] Which of the following is NOT typically discussed or agreed upon during the pre-engagement phase?
- The specific vulnerabilities to be tested
- Specific rules and constraints for testing
- Communication channels and escalation procedures
- Testing methodologies to be used

[&] During the pre-engagement phase, what must be obtained from the client before initiating the actual testing?
- A list of vulnerabilities
- A list of preferred tools
- Signed authorization and legal permissions
- An initial risk assessment report

[&] What term refers to systems or networks that are explicitly stated as not part of the testing?
- Unauthorized zones
- Out of scope
- In scope
- Testing boundaries