nerdexam
EC-Council

312-50V11 · Question #498

While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you

The correct answer is A. Immediately stop work and contact the proper legal authorities. Discovering evidence of client fraud during a security assessment creates a legal and ethical obligation to cease work and report to the appropriate legal authorities.

Information Security and Ethical Hacking Fundamentals

Question

While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you do?

Options

  • AImmediately stop work and contact the proper legal authorities
  • BIgnore the data and continue the assessment until completed as agreed
  • CConfront the client in a respectful manner and ask her about the data
  • DCopy the data to removable media and keep it in case you need it

How the community answered

(28 responses)
  • A
    79% (22)
  • B
    4% (1)
  • C
    14% (4)
  • D
    4% (1)

Why each option

Discovering evidence of client fraud during a security assessment creates a legal and ethical obligation to cease work and report to the appropriate legal authorities.

AImmediately stop work and contact the proper legal authoritiesCorrect

A penetration tester who uncovers evidence of criminal activity such as fraud is legally obligated to stop the engagement immediately to avoid becoming complicit in the ongoing illegal activity. Continuing work or handling the data improperly could expose the assessor to legal liability, and reporting to proper legal authorities ensures that evidence is handled correctly within the chain of custody and that the illegal activity is addressed through proper legal channels.

BIgnore the data and continue the assessment until completed as agreed

Ignoring evidence of fraud and continuing the assessment makes the assessor potentially complicit in the illegal activity and violates professional ethical standards.

CConfront the client in a respectful manner and ask her about the data

Directly confronting the client about fraudulent activity could compromise evidence, create a hostile situation, and expose the assessor to personal risk - this is a matter for legal authorities, not informal confrontation.

DCopy the data to removable media and keep it in case you need it

Copying potentially illegal data to removable media without legal authorization could itself be illegal, violate evidence handling protocols, and compromise the chain of custody needed for any subsequent legal proceedings.

Concept tested: Ethical and legal obligations upon discovering client criminal activity

Source: https://www.eccouncil.org/code-of-ethics/

Topics

#ethical hacking ethics#legal obligations#incident reporting#professional conduct

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice