A long term client has asked your team to conduct a penetration test on the operations control technology that manages a chemical manufacturing plant just outside Philadelphia off of I$-95$ towards Delaware. Your firm has done similar work around the region. The customer is willing to start price negotiations at $$250$K$.$ Based on past experience, the client estimates the test will run $4$ months starting in one month. Yesterday you learned that your operations control expert starts paternity leave in two months. Considering the ethics $($from EC$-$Council$)$ and the business benefit for your small security services firm, what should you do$?$

$1.$ Agree to the start defining scope and costs based on the ethical coniseration that you have disclosed and are willing to disclose the names of chemical firms you have assisted.

$2.$ Respectfully decline based on the ethical consideration of providing services in your areas of competence.

$3.$ Respectfully decline based on the ethical consideration of not engaging in deceptive financial practices because $$250$K is bribery

$4.$ Agree to the start defining scope and costs based on the ethical coniseration that your firm can protect their intellectual property

Your penetration test team has returned to their testing spaces to commence another day in a two month long engagement. Some of your team got in before you. The got started at $08$:$05($UTC $-5$:$00).$ You thought the team agreed to start at $09$:$30($UTC $-6$:$00).$ This has got you really worried. Where do you look in the rules of engagement to see if the the time is authorized? What start time would authorize your teammates' actions?

Format of options: Answer for first question: Answer for second question

$1.$ Authorization: $05$:$00($UTC $-9$:$00)$

$2.$ Timing: $05$:$00($UTC $-8$:$00)$

$3.$ Timing: $08$:$00($UTC $-7$:$00)$

$4.$ Scope: $04$:$00($UTC $-8$:$00)$

When complying with EC$-$Council's list of $18$ statements of ethics within their code of ethics, how many of them must be complied with at any given time or penetration test engagement?

$1.$ Using a statistical analogy, compliance to this code is like a probability distribution function with a long tail. The first $10$ covers $95\%$ of the ethical needs, which is compliant.

$2.$ All of them, logically the statements are logically ANDed and all must test true

$3.$ The rule numbers are weights for an ethical assessment calculation that says that you are ethical as long as the sum of the weights is at least $42$

$4.$ Do your best to comply with each one, you are only human.