Understanding the limitations and boundaries of the test environment comes hand in hand from the client requirements which can be justified as intentional or non-intentional interests. These can be in the form of technology, knowledge, or any other formal restrictions imposed by the client on the infrastructure. Each of these limitations may cause serious interruption to the testing process and can be resolved by using alternative methods. However, it is important to note that certain restrictions cannot be modified, as they are administered by the client to control the process of penetration testing. We will discuss each of these generic types of limitations with their relevant examples below.