Exam PT0-002 topic 1 question 42 discussion

C. Stop the assessment and inform the emergency contact. The best action for the penetration tester to take after discovering the unknown IP range on the network device would be to stop the assessment and inform the emergency contact. The IP range belongs to a third-party supplier, which is likely out of scope for the assessment, and any unauthorized access or manipulation of their systems could have severe legal and financial implications. It would be inappropriate to utilize the tunnel as a means of pivoting to other internal devices, as it would be unauthorized access. Disregarding the IP range would be a violation of professional conduct, as well as a potential violation of laws. Scanning the IP range for additional systems to exploit would be unauthorized access and could lead to severe legal and financial consequences. It is important for penetration testers to follow strict guidelines and procedures when conducting assessments, and to always err on the side of caution when it comes to accessing systems that are out of scope.

I could see B, C here I dont think it would be D because this is a third party network that has not approved our pentest which means we do not have permission. I personally think B is the correct Answer.

I understand the rationale people are providing for B. I think B/C could both be practically correct depending on the context. The 'think like the test' answer is definitely C.

In this scenario, the BEST action for the penetration tester to take is C. Stop the assessment and inform the emergency contact. Here’s why: Ethical and Legal Considerations: Accessing a third-party supplier’s network without explicit permission could violate legal and ethical guidelines. It’s crucial to respect the scope of the engagement and avoid unauthorized access. Scope of Work: The IP range associated with the third-party supplier is likely out of the defined scope of the penetration test. Continuing to explore this range could lead to unintended consequences and potential legal issues. Communication: Informing the emergency contact ensures that the client is aware of the situation and can take appropriate actions, such as notifying the third-party supplier or adjusting the scope of the engagement. Taking this approach demonstrates professionalism and adherence to ethical standards in penetration testing.

I have to go with B. It says it's a VPN to the 3rd party supplier. This is common. Just because it's unknown to the PenTester doesn't mean its malicious, it's just out of scope. Disregard and move on.

B. Disregard the IP range, as it is out of scope

Agree with C. This could be one of the reasons for communication - situational awareness. This may also lead to goal reprioritization if previously unknown IP range. I imagine the SOW document should have an out-of-scope list as well as in-scope IP ranges.

C. Stop the assessment and inform the emergency contact.

If the question say "a Third Party supplier" so it means Pentester must be aware of the supplier. IP range must be out of scope that is why it is unknown.

"previously unknown IP range" - to whom? To the pentester? That means it's not in scope, but doesn't say anything about it being in any way suspicious or unknown to the client. If it's unknown to the client, then C, but that's information that is unknown to the pentester (that the IP range is unknown to the client).

Penetration testing must always be conducted within the boundaries and scope defined by the client, including adherence to legal and ethical guidelines. If the penetration tester encounters an IP range or network segment that wasn't identified in the scope of the engagement, it would be inappropriate to continue probing, exploiting, or utilizing that range without proper authorization. The most responsible course of action would be to: C. Stop the assessment and inform the emergency contact.

C is correct You stop the assessment immediately

The best action for the penetration tester to take is A. Utilize the tunnel as a means of pivoting to other internal devices. By using the VPN tunnel, the penetration tester can gain access to other internal systems, allowing them to gain a deeper understanding of the architecture and potential vulnerabilities.

The best action for the penetration tester to take is A. Utilize the tunnel as a means of pivoting to other internal devices. By using the VPN tunnel, the penetration tester can gain access to other internal systems, allowing them to gain a deeper understanding of the architecture and potential vulnerabilities.

C - You stop the assessment immediately and inform the emergency contact. B - Disregarding the IP range as it is out of scope is wrong. It is illegal to scan another client's IP range without permission. You have gained access into the third party supplier's vpn tunnel which is illegal.

The BEST action for the penetration tester to take in this scenario is to immediately stop the assessment and inform the appropriate personnel. Option C is the correct answer. As a penetration tester, it is important to follow a strict code of ethics and always act in a responsible and professional manner. The fact that the IP range is part of an always-on VPN tunnel to a third-party supplier means that it is likely not within the scope of the assessment, and attempting to exploit or pivot through the VPN tunnel could result in serious consequences for both the penetration tester and the third-party supplier. In addition, the fact that the IP range was previously unknown suggests that it may be a critical component of the network infrastructure, and any unauthorized access or activity could potentially cause significant damage.

ccccccccccccccc