nerdexam
EC-Council

312-50V10 · Question #404

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him

The correct answer is A. Say no; the friend is not the owner of the account.. This question tests the ethical and legal requirement that penetration testers must have explicit authorization from the actual account or system owner before conducting any testing.

Information Security and Ethical Hacking Fundamentals

Question

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options

  • ASay no; the friend is not the owner of the account.
  • BSay yes; the friend needs help to gather evidence.
  • CSay yes; do the job for free.
  • DSay no; make sure that the friend knows the risk she's asking the CEH to take.

How the community answered

(52 responses)
  • A
    87% (45)
  • B
    8% (4)
  • C
    4% (2)
  • D
    2% (1)

Why each option

This question tests the ethical and legal requirement that penetration testers must have explicit authorization from the actual account or system owner before conducting any testing.

ASay no; the friend is not the owner of the account.Correct

A certified ethical hacker is legally and ethically required to obtain authorization from the actual owner of the target system or account. The husband's email account belongs to the husband, not the requesting friend, so accessing it without his consent constitutes unauthorized access under laws such as the Computer Fraud and Abuse Act. The intended purpose of gathering evidence does not override the authorization requirement.

BSay yes; the friend needs help to gather evidence.

The intended use of gathered evidence does not override the legal requirement for account owner authorization before accessing private accounts.

CSay yes; do the job for free.

Performing unauthorized access for free does not remove the illegality or ethical violation - compensation is irrelevant to whether valid authorization exists.

DSay no; make sure that the friend knows the risk she's asking the CEH to take.

While the CEH does bear personal legal risk, the primary ethical reason to refuse is that the friend is not the account owner and therefore cannot grant valid authorization to access it.

Concept tested: Ethical hacking authorization and account ownership

Source: https://www.eccouncil.org/code-of-ethics/

Topics

#authorization#unauthorized access#legal consent#ethical boundaries

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice