nerdexam
EC-Council

312-50V10 · Question #399

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetra

The correct answer is B. Ask the employer for authorization to perform the work outside the company.. Before performing any outside security work, an ethical hacker employed by a firm must obtain explicit authorization from their employer to avoid conflicts of interest and policy violations.

Information Security and Ethical Hacking Fundamentals

Question

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options

  • AStart by foot printing the network and mapping out a plan of attack.
  • BAsk the employer for authorization to perform the work outside the company.
  • CBegin the reconnaissance phase with passive information gathering and then move into active
  • DUse social engineering techniques on the friend's employees to help identify areas that may be

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    78% (18)
  • C
    13% (3)
  • D
    4% (1)

Why each option

Before performing any outside security work, an ethical hacker employed by a firm must obtain explicit authorization from their employer to avoid conflicts of interest and policy violations.

AStart by foot printing the network and mapping out a plan of attack.

Footprinting and planning an attack without authorization is illegal and unethical - no technical work can begin before all legal and contractual prerequisites are satisfied.

BAsk the employer for authorization to perform the work outside the company.Correct

An ethical hacker employed by a security research firm is bound by their employment agreement, which typically prohibits performing competing or outside professional work without prior written consent. Performing a penetration test for a friend without employer authorization could violate the employment contract, create liability for the employer, and breach professional ethics codes. The correct first step is always to seek formal employer approval before accepting any outside engagement.

CBegin the reconnaissance phase with passive information gathering and then move into active

Beginning reconnaissance, even passively, constitutes starting the engagement without resolving the authorization conflict with the hacker's employer, which must be addressed first.

DUse social engineering techniques on the friend's employees to help identify areas that may be

Social engineering techniques are an active attack phase and cannot be initiated before proper authorization from both the employer and the target organization is obtained.

Concept tested: Ethical hacker employer authorization for outside engagements

Source: https://www.eccouncil.org/wp-content/uploads/2022/09/CEH-Exam-Blueprint-v4.0.pdf

Topics

#ethical hacking#authorization#scope of work#professional ethics

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice