Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A.
Analyze the malware to see what it does.
B.
Collect the proper evidence and then remove the malware.
C.
Do a root-cause analysis to find out how the malware got in.
D.
Remove the malware immediately.
E.
Stop the assessment and inform the emergency contact.
It’s E. You’re getting paid to do an assessment, no to remediate. Not your circus, not your monkeys.
Besides, what if their secops team wants to further investigate and you remove the malware found.
After identifying that an application being tested has already been compromised with malware, the penetration tester should prioritize the collection of proper evidence before taking any further actions. It is important to gather evidence to understand the nature of the compromise, identify the malware involved, and document the impact it has had on the system or application.
Once the necessary evidence has been collected, the penetration tester should proceed with removing the malware from the compromised system or application. This step is important to restore the integrity and security of the system and prevent further damage or unauthorized access.
After removing the malware, additional steps can be taken, such as analyzing the malware to understand its behavior, performing a root-cause analysis to determine how the malware entered the system, and informing the relevant parties, such as the client or system administrators, about the incident. However, the immediate priority should be to mitigate the compromise by removing the malware and securing the affected system.
This section is not available anymore. Please use the main Exam Page.PT1-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Isuzu
Highly Voted 3 years, 7 months agostrawberryspring
Highly Voted 3 years, 1 month agobieecop
Most Recent 1 year, 9 months agobieecop
1 year, 9 months agobieecop
1 year, 9 months agoCharlieb123
3 years agoBinarySoldier
3 years, 2 months agotokhs
3 years, 4 months agoBinarySoldier
3 years, 5 months ago