Deconfliction in penetration testing is the process of coordinating and synchronizing penetration testing activities with other organizations or parties to avoid conflicting or overlapping testing efforts. This can include coordinating the scheduling of testing, sharing information about vulnerabilities discovered during testing, and ensuring that testing activities do not interfere with the normal operation of systems or networks. Deconfliction is important in order to ensure that penetration testing is conducted safely and effectively, and to avoid any unintended consequences that could arise from conflicting testing activities.
Providing situational awareness to key client personnel can help deconflict the breach.
• This will then enable the PenTest to continue so that additional issues can be found, exploited, and analyzed.
I agree with C. I think you should find out first whether it's another red team conducting an exercise or a true positive. If it's an actual criminal activity, then proceed with forensic investigation.
C!
According to the CompTIA Pentest+ textbook:
"Deconfliction, which is the process of sorting out your pentest artifacts from the artifacts of a REAL COMPROMISE, for example. The pentester may become the scapegoat if things start breaking or failing in the network, which could actually just be another administrator rebooting a host or making undocumented changes to the system."
D. proceeds in parallel with a criminal digital forensic investigation: This option clearly necessitates deconfliction. If a penetration test is running concurrently with a digital forensic investigation, the actions of the penetration tester could inadvertently alter evidence or be misinterpreted as malicious activity by the party under investigation. It's essential to ensure that the two activities do not interfere with each other.
Deconfliction is the process of coordinating activities to prevent conflicts or interference between different operations, investigations, or entities. In the context of a penetration test, deconfliction would be most relevant when:
D. proceeds in parallel with a criminal digital forensic investigation.
Explanation:
Option D: When a penetration test is occurring at the same time as a criminal digital forensic investigation, there could be confusion or conflicts between the activities of the penetration testers and the investigators. Deconfliction ensures that the activities of one do not interfere with or compromise the other, and that both parties are aware of each other's activities.
Deconfliction is a process that provides a way to separate Red Team activity from real-world activity.
So in my opinion, the only real-world activity happening simultaneously is "proceeds in parallel with a criminal digital forensic investigation."
I thought it was C because you are supposed to deconflict if you find illegal activity, but overlapping with another team during engagement needs to be addressed ASAP. So D would be the correct answer.
Deconfliction is necessary when the penetration test proceeds in parallel with a criminal digital forensic investigation. This is done to avoid interfering with the ongoing investigation or to prevent the assessment from being impacted by the results of the investigation. In this situation, deconfliction is the process of coordinating with the law enforcement agency or incident response team responsible for the investigation to ensure that the penetration test does not interfere with or jeopardize the investigation. Answer D is the correct option.
Deconfliction is necessary when a penetration test proceeds in parallel with an authorized or unauthorized action, investigation, or operation by another entity. In option C, the penetration tester uncovers indicators of prior compromise over the course of the assessment. While this is an important finding that should be reported, it does not necessarily require deconfliction. In contrast, in option D, the penetration test proceeds in parallel with a criminal digital forensic investigation, which requires deconfliction to avoid interfering with the investigation or disrupting evidence.
I agree. I think some are saying C because this is similar to a few other questions, but C looks more like escalation to me. D looks a lot more like deconflicting by the very definition of the word.
PT0-002 Exam Questions