Question

abc company is in the process of merging with xyz company. as part of the merger, a penetration test has been recommended. testing the network systems, physical security, and data security have all been included in the scope of work. what else should be included in the scope of work?\
\

• company culture\
• email policies\
• password policies\
• employee ids

Explanation:

A penetration test focuses on identifying security vulnerabilities. Email policies are a critical part of organizational security, as they govern access, data handling, and threat mitigation for email systems—an attack vector often targeted in mergers. Company culture is not a security testing element, password policies are typically covered under data/network security scopes, and employee IDs are a small component of access controls rather than a standalone scope item.

Answer:

Email policies