nerdexam
EC-Council

312-50V11 · Question #404

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him

The correct answer is A. Say no; the friend is not the owner of the account.. A CEH must refuse any engagement involving unauthorized access to accounts, regardless of the requestor's personal relationship to the account holder or stated justification.

Information Security and Ethical Hacking Fundamentals

Question

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options

  • ASay no; the friend is not the owner of the account.
  • BSay yes; the friend needs help to gather evidence.
  • CSay yes; do the job for free.
  • DSay no; make sure that the friend knows the risk she's asking the CEH to take.

How the community answered

(36 responses)
  • A
    86% (31)
  • B
    3% (1)
  • C
    3% (1)
  • D
    8% (3)

Why each option

A CEH must refuse any engagement involving unauthorized access to accounts, regardless of the requestor's personal relationship to the account holder or stated justification.

ASay no; the friend is not the owner of the account.Correct

The friend has no legal ownership or authorized access rights to her husband's email account, meaning any access would violate the Computer Fraud and Abuse Act (CFAA) and similar laws that prohibit unauthorized access to computer systems. A CEH's ethical code strictly limits work to authorized engagements, and personal motivation or relationship does not create legal authorization. Performing the access would expose the CEH to criminal prosecution.

BSay yes; the friend needs help to gather evidence.

Gathering evidence through unauthorized access is illegal and inadmissible in court; the stated legal goal does not justify the unlawful means.

CSay yes; do the job for free.

Performing the unauthorized access for free does not eliminate criminal liability - the act itself is illegal regardless of compensation.

DSay no; make sure that the friend knows the risk she's asking the CEH to take.

While the CEH's personal risk is a valid concern, the primary and sufficient reason to refuse is that the account owner has not authorized the access, making it illegal.

Concept tested: CEH ethical obligations and unauthorized access prohibition

Source: https://www.eccouncil.org/code-of-ethics/

Topics

#authorization#legal boundaries#ethics#scope of engagement

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice