Exam PT1-002 topic 1 question 17 discussion

C & D would be correct

C and D. Can't be E, as the SOW specifically tells the Pentester to wipe the data once done. F is doubtful since a SOW shouldn't have sensitive information; keeping a SOW implies the Pentester(s) will come back later for a re-assessment.

NOT A) because: in your penetration test can use all tool you are authorized to use. NOT B) because: that's ethical, not "unethical" NOT F) because: SOW it's just a document between parts, you can use it to plan future engagements. That's not unethical. it's D) because: If i ask help in underground hackers forum, sharing the public IP address, I'm sharing information about my client. Information about my client is not only "the IP address" but the question, the answer I can receive and all data and metadata about this situation. If the forum community know that Facebook is doing a pentest in night hours, maybe someone can suppose to attack facebook hiding their actions "like a pentest". That's really not ethical and without professionalism; could be illegal too violating NDA.

This is definitely C and D

Thought of CD

C D That's correct.

You need to base your answers off the provided SOW, the only ones that directly go against it are C & D.

People use gold disc images to erase / format and rebuild laptops all the time. If it is secret or above you can technically get the client to pay for the hard drive and you add that onto the cost but we usually just software erase.

C and D. F is doubtful since a SOW shouldn't have sensitive information

Are these two actions unethical? C: Failing to share with the client critical vulnerabilities on purpose F: Retaining the SOW in breach of the terms. Both are, in my mind

C & E. How can it be D? It is the public IP address. Anyone and everyone knows a company's public IP, plus the question never says anything about not sharing the public IP. D certainly does sound shady, but this is no different than consulting Shodan for recon against the public IP address. E could potentially retain sensitive information, and pentesters would have no reason to keep this as a new SOW will be drafted at each arrangement.

correct answer d and f

C, is surely correct, now D sounds unethical and shady but the question specifically asks to answer based on the information in the specific SOW. So I think that E is also correct. I will go with C and E.

The answer is not right. I would go with D and F. With D, Data is being exposed to a third-party which is against the agreement. And for F, retaining the SOW will be similar to keeping a copy of the data the client terms to be confidential, and since the instruction was to get rid of everything in a secure manner, not getting rid of the SOW will be a breach of that article.