PT0-002 Question #502: Real Exam Question with Answer & Explanation
The correct answer is D: Failure to remove tester-created credentials.
Question
A client claims that a ransomware attack has crippled its corporate network following a penetration test assessment. Which of the following is the most likely root cause of this issue?
Options
- A. Client reluctance to accept findings
- B. Lack of attestation
- C. Incomplete data destruction process
- D. Failure to remove tester-created credentials
Explanation
The most probable root cause for a ransomware attack immediately following a penetration test is the failure to remove tester-created credentials, leaving backdoors for malicious actors.
Common mistakes.
- A. Client reluctance to accept findings might lead to unaddressed vulnerabilities in the future, but it would not directly cause a ransomware attack immediately after the test concludes unless the test itself introduced the vulnerability.
- B. Lack of attestation refers to the absence of a third-party declaration of compliance or findings, which is an administrative issue and does not directly cause a technical compromise like a ransomware attack.
- C. An incomplete data destruction process typically relates to the secure erasure of sensitive data, not the creation of persistent access points that could lead to a network compromise post-test.
Concept tested. Post-penetration test hygiene