312-50V10 · Question #404
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him
The correct answer is A. Say no; the friend is not the owner of the account.. This question tests the ethical and legal requirement that penetration testers must have explicit authorization from the actual account or system owner before conducting any testing.
Question
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?
Options
- ASay no; the friend is not the owner of the account.
- BSay yes; the friend needs help to gather evidence.
- CSay yes; do the job for free.
- DSay no; make sure that the friend knows the risk she's asking the CEH to take.
How the community answered
(52 responses)- A87% (45)
- B8% (4)
- C4% (2)
- D2% (1)
Why each option
This question tests the ethical and legal requirement that penetration testers must have explicit authorization from the actual account or system owner before conducting any testing.
A certified ethical hacker is legally and ethically required to obtain authorization from the actual owner of the target system or account. The husband's email account belongs to the husband, not the requesting friend, so accessing it without his consent constitutes unauthorized access under laws such as the Computer Fraud and Abuse Act. The intended purpose of gathering evidence does not override the authorization requirement.
The intended use of gathered evidence does not override the legal requirement for account owner authorization before accessing private accounts.
Performing unauthorized access for free does not remove the illegality or ethical violation - compensation is irrelevant to whether valid authorization exists.
While the CEH does bear personal legal risk, the primary ethical reason to refuse is that the friend is not the account owner and therefore cannot grant valid authorization to access it.
Concept tested: Ethical hacking authorization and account ownership
Source: https://www.eccouncil.org/code-of-ethics/
Topics
Community Discussion
No community discussion yet for this question.