nerdexam
EC-Council

312-50V10 · Question #400

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, a

The correct answer is B. Follow proper legal procedures against the company to request payment.. When a client fails to pay for completed penetration testing services, the only ethical and legal recourse is to pursue payment through proper legal channels.

Information Security and Ethical Hacking Fundamentals

Question

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options

  • AThreaten to publish the penetration test results if not paid.
  • BFollow proper legal procedures against the company to request payment.
  • CTell other customers of the financial problems with payments from this company.
  • DExploit some of the vulnerabilities found on the company webserver to deface it.

How the community answered

(49 responses)
  • A
    6% (3)
  • B
    73% (36)
  • C
    4% (2)
  • D
    16% (8)

Why each option

When a client fails to pay for completed penetration testing services, the only ethical and legal recourse is to pursue payment through proper legal channels.

AThreaten to publish the penetration test results if not paid.

Threatening to publish penetration test results is extortion and a direct violation of the non-disclosure agreement, constituting both a criminal act and a serious ethical breach.

BFollow proper legal procedures against the company to request payment.Correct

A CEH who has completed contracted work is entitled to payment and has legitimate legal remedies available, such as filing a civil claim or engaging a collections attorney. Using legal procedures respects the law, maintains professional integrity, and does not expose the CEH to criminal liability. All other options involve actions that are illegal, unethical, or violations of the non-disclosure agreement signed at the start of the engagement.

CTell other customers of the financial problems with payments from this company.

Disclosing confidential client financial information to third parties violates the NDA and professional confidentiality obligations regardless of the payment dispute.

DExploit some of the vulnerabilities found on the company webserver to deface it.

Exploiting vulnerabilities discovered during an authorized test for unauthorized purposes such as defacement is a criminal act under computer fraud laws, even if the hacker originally had legitimate access.

Concept tested: Ethical and legal conduct in post-engagement payment disputes

Source: https://www.eccouncil.org/code-of-ethics/

Topics

#ethical hacking#code of ethics#legal recourse#professional conduct

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice