PT0-002 Question #206: Real Exam Question with Answer & Explanation
The correct answer is D: Include the discovery and interaction in the daily report. Upon discovering illicit activity and a bribery attempt during an assessment, the penetration tester's best action is to include all details in the daily report for transparency and proper escalation.
Question
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
Options
- A. Check the scoping document to determine if exfiltration is within scope.
- B. Stop the penetration test.
- C. Escalate the issue.
- D. Include the discovery and interaction in the daily report.
Explanation
Upon discovering illicit activity and a bribery attempt during an assessment, the penetration tester's best action is to include all details in the daily report for transparency and proper escalation.
Common mistakes.
- A. While checking the scoping document is generally important, a discovery of illegal activity and a bribe fundamentally shifts the ethical responsibility and requires immediate reporting regardless of the initial scope.
- B. Stopping the penetration test does not address the discovered illicit activity or the bribery attempt, which still require formal reporting to the client.
- C. Escalating the issue is correct, but 'including the discovery and interaction in the daily report' is the most appropriate and formal method of escalation within the context of a penetration test engagement.
Concept tested. Penetration testing ethics, reporting procedures
Reference. https://www.eccouncil.org/ethical-hacking-code-of-ethics/