Exam PT0-002 topic 1 question 140 discussion

Not sure, but here's what the book says: "Another reason to communicate with the customer is to let the customer know if something unexpected arises while doing the pentest, such as if a critical vulnerability is found on a system, a new target system is found that is outside the scope of the penetration test targets, or a security breach is discovered when doing the penetration test. You will need to discuss how to handle such discoveries and who to contact if those events occur. In case of such events, you typically stop the pentest temporarily to discuss the issue with the customer, then resume once a resolution has been determined."

Escalate.

Question doesnt say next. It says 'best'. Sure you would have to stop first to escalate, but escalating is ultimately the best thing to do. You could stop the test and then go home without telling the client at all. Stopping doesnt actually solve anything so its not the BEST action to take.

C and B are both right, but you should stop first and then escalate. Carrying forward with such information is unethical and could possibly implicate you. Stop the test and report.

Disappointed there isn't an option to 'accept the bribe and keep on partying.' Come on Comptia, what's wrong with you? C is the right answer - you escalate the issue and stop IF asked by your client.

I agree with option C. If there are IoCs in the target network, pause (not stop) the engagement and shift to an incident response or recovery mode.

You must first STOP, then escalate. Not escalate, then stop. Stopping is the BEST move.

From CompTIA: Indicators of Prior Compromise are artifacts which can provide evidence of a prior cybersecurity event and could be from malicious sources. Consider the following: When a PenTester encounters evidence of a compromised system, should the Incident Response Team be notified to ensure that the organization is aware of the attack? If the evidence appears to be "fresh," the PenTest might need to be suspended until the security breach is handled. If it is historical, the PenTest team may instead log the discovery and continue with the task at hand.

C. This is an ongoing crime lol. Escalate to an emergency contact or management.

C all day

In this situation, the penetration tester has discovered an unethical and potentially illegal act. Accepting a bribe would be highly unethical and could also be illegal. The best course of action would be to follow proper channels and escalate the issue to the appropriate authorities within the organization or the client organization. So, the correct answer is: C. Escalate the issue. This ensures that the matter is dealt with according to the organization's policies and procedures, and it places the responsibility for handling the issue in the hands of those who are equipped to do so.

The best action for the tester to take is to escalate the issue. The tester should not accept payment from the administrator and instead should report the activity to the appropriate parties. Checking the scoping document to determine if exfiltration is within scope is important, but should be done after the incident is reported. Stopping the penetration test is not necessary as the tester should continue to identify any other issues that may exist. Including the discovery and interaction in the daily report is also important, but should be done only after the issue is reported.

The best action for the tester to take in this situation is C. Escalate the issue. Exfiltration of company information is a serious issue and should be reported to the appropriate authorities. The tester should immediately cease testing, document any relevant details, and report the issue to the client.

C is the best answer

The exfiltration of proprietary company information is a serious security breach that needs to be addressed immediately. Accepting payment to keep quiet would be unethical and could potentially make the penetration tester complicit in the illegal activity. Stopping the penetration test or checking the scoping document would not address the issue of the administrator's illegal activity. Including the discovery and interaction in the daily report would be appropriate, but it is not sufficient action to address the seriousness of the security breach. Therefore, the penetration tester should escalate the issue to the appropriate authorities, such as the company's security team or management, to ensure that the breach is investigated and resolved appropriately.

C is the answer for sure

cccccccccc