nerdexam
EC-Council

312-50V10 · Question #224

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder

The correct answer is D. Report immediately to the administrator.. A penetration tester who discovers sensitive personal financial data outside the engagement scope must immediately report it to the administrator rather than act on it.

Information Security and Ethical Hacking Fundamentals

Question

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?

Options

  • ADo not report it and continue the penetration test.
  • BTransfer money from the administrator's account to another account.
  • CDo not transfer the money but steal the bitcoins.
  • DReport immediately to the administrator.

How the community answered

(50 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    6% (3)
  • D
    88% (44)

Why each option

A penetration tester who discovers sensitive personal financial data outside the engagement scope must immediately report it to the administrator rather than act on it.

ADo not report it and continue the penetration test.

Failing to report discovered sensitive information violates the ethical obligations and contractual terms established in the penetration testing agreement.

BTransfer money from the administrator's account to another account.

Transferring money from any account without authorization constitutes wire fraud and is a criminal offense regardless of how access was obtained.

CDo not transfer the money but steal the bitcoins.

Taking cryptocurrency without authorization is theft and a criminal offense, and the method of access does not change the legal or ethical outcome.

DReport immediately to the administrator.Correct

Penetration testers operate under a defined scope and rules of engagement; accessing personal financial data falls outside that scope and creates both ethical and legal exposure. Immediate disclosure to the administrator fulfills the tester's professional obligations, protects them from criminal liability, and allows the administrator to secure that data promptly.

Concept tested: Penetration testing ethics and responsible disclosure

Source: https://www.eccouncil.org/ethical-hacking/

Topics

#penetration testing ethics#responsible disclosure#scope boundaries#ethical hacking

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice