PT0-002 · Question #38
The correct answer is D: NDA.
Question
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
Options
- A. ROE
- B. SLA
- C. MSA
- D. NDA
Explanation
The penetration tester violated a Non-Disclosure Agreement (NDA) by publicly posting details about the exploit and the client's IP addresses after the engagement. An NDA is a legally binding contract that prohibits the sharing of confidential client information, including vulnerabilities discovered, network details, and any findings from the engagement. The ROE (A) governs the scope and conduct during the test itself. The SLA (B) defines service delivery standards. The MSA (C) is a general overarching contract for the business relationship. The NDA specifically addresses confidentiality obligations that extend beyond the engagement, making the tester legally accountable for this disclosure.