Scoping Questionnaire

NaviSec exists to partner with our clients to implement the right sized protection they need to focus on critical business operations. NaviSec is your cyber security department – We offer Offensive, Defensive and 24-7 SOC operations that interlink to empower your business to have the best possible protection against the oncoming storm. Our holistic approach to security is 100% scalable and your business is never penalized for wanting more or needing less.

We at NaviSec believe in the principle that; Security is a journey, not a destination. Our 4 pillars of cyber security were carefully devised around that idea and with clients’ needs in mind to produce a secure high-quality outcome for customers of all sizes.

Thank you for the opportunity to provide a proposal for penetration testing services.  In order to provide an accurate proposal, please complete and return the following questionnaire. This questionnaire is used to gain an understanding of the size and the scope of the penetration test.

First Name *
Last Name *
Company *
Mobile phone number
Email *
State/Region *

External and Social

Do you want us to perform social engineering as part of the external pentest? *
Ex: Custom Phishing Campaigns, Spear Phishing, Whaling, MFA Bypass.These will be real-world crafted attacks to capture credentials or session tokens to bypass MFA as part of the PenTest
External IP Address Count *
Any interface that is connected to the internet that points directly back to you.


What is the estimated total number of live addressable targets on your network? *
These can include:
* Workstations
* Servers (Physical - Virtual Machines)
* Firewalls
* Switches/Routers
* Access Points
* Printers
* Cameras
* VOIP Phones
* Other Devices


Do you want us to perform a Wireless PenTest? *
How many SSIDs do you have for testing? *
SSID stands for service set identifier. It’s a unique ID that can be made up of case-sensitive letters, numbers, and special characters like dashes, periods, and spaces. According to the 802.11 wireless local area networks (WLAN) standard, an SSID can be as long as 32 characters.
Can all of the SSIDs be reached from one location? *
How many locations have unique SSIDs to be tested? *

Active Directory Audit

Do you wish us to audit your Active Directory? *
Active Directory (AD) auditing is the process of assessing the overall configuration of the active directory to identify hidden flaws that could enable a range of bypasses and elevation of privileges.
The number of Active Directories to be audited? *

M365 Security Sweep

Would you like us to perform an M365 Security Sweep? *
These include:
* Exchange administration
* SharePoint administration
* Microsoft Teams
* Microsoft Intune
* Microsoft Graph


Would you like us to perform physical PenTesting (on-site)? *
How many locations would you like tested? *
Are the locations all within a 4hr radius of one another? *

Urgent Contact