1. B. The rules of engagement define what the penetration testing company can or cannot do. It lists the specific actions that are allowable. Answer A is incorrect because the NDA describes what can and cannot be discussed with others. Answer C is incorrect because the SLA defines a level of service. Answer D is incorrect because the project scope examines the time, scope, and cost of the project.
2. B. Confidentiality addresses the secrecy and privacy of information. Physical examples of confidentiality include locked doors, armed guards, and fences. ...