nerdexam
EC-Council

312-50V10 · Question #498

While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you

The correct answer is A. Immediately stop work and contact the proper legal authorities. When a security professional discovers evidence of illegal activity during an engagement, professional ethics and legal obligations require stopping work and reporting to authorities. Continuing the engagement or handling evidence improperly creates legal liability.

Information Security and Ethical Hacking Fundamentals

Question

While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you do?

Options

  • AImmediately stop work and contact the proper legal authorities
  • BIgnore the data and continue the assessment until completed as agreed
  • CConfront the client in a respectful manner and ask her about the data
  • DCopy the data to removable media and keep it in case you need it

How the community answered

(30 responses)
  • A
    93% (28)
  • C
    3% (1)
  • D
    3% (1)

Why each option

When a security professional discovers evidence of illegal activity during an engagement, professional ethics and legal obligations require stopping work and reporting to authorities. Continuing the engagement or handling evidence improperly creates legal liability.

AImmediately stop work and contact the proper legal authoritiesCorrect

Continuing the assessment after discovering evidence of fraud could make the assessor complicit in the illegal activity or obstruct justice. Professional codes of ethics (such as those from ISC2 and EC-Council) require practitioners to act lawfully and report crimes to proper authorities. Stopping work preserves the integrity of any potential investigation and protects the assessor from legal exposure.

BIgnore the data and continue the assessment until completed as agreed

Ignoring evidence of fraud and continuing the assessment could constitute willful blindness or complicity, exposing the assessor to criminal or civil liability.

CConfront the client in a respectful manner and ask her about the data

Confronting the client directly could alert them to destroy evidence and does not fulfill the legal obligation to report criminal activity to authorities.

DCopy the data to removable media and keep it in case you need it

Copying data to removable media without authorization could constitute evidence tampering, unauthorized data exfiltration, or chain-of-custody violations that undermine prosecution.

Concept tested: Security professional ethics and legal obligations during engagements

Source: https://www.isc2.org/Ethics

Topics

#ethical hacking ethics#legal obligations#professional conduct#incident response

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice