Exam PT0-002 topic 1 question 108 discussion

Actual exam question from CompTIA's PT0-002
Question #: 108
Topic #: 1

A penetration tester is reviewing the following SOW prior to engaging with a client.
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner."
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  • A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection.
  • B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement.
  • C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team.
  • D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address.
  • E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop.
  • F. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements.
Suggested Answer: CD

Comments

Neolot
Highly Voted 2 years, 3 months ago
Selected Answer: CD
C and D are the correct answers for this.
upvoted 10 times
deeden
Most Recent 10 months, 4 weeks ago
Selected Answer: DF
I vote D and F as unethical. I feel like option C is more on the lines of incompetence rather than unethical.
upvoted 1 times
deeden
10 months, 4 weeks ago
Okay, I retract my answer and change to C and D. Thanks for the clarification.
upvoted 1 times
solutionz
1 year, 6 months ago
Selected Answer: CD
Based on the information in the Statement of Work (SOW), the following two behaviors would be considered unethical:

C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team. Withholding information about critical vulnerabilities would be a clear breach of ethical responsibility. The penetration tester is obligated to share all relevant findings with the client.

D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address. This action would likely violate confidentiality agreements and professional ethical standards. Sharing client information, including IP addresses, on untrusted forums would potentially expose the client to malicious actors.

The other options do not appear to be directly in conflict with the stipulations in the SOW, and thus would not inherently be considered unethical based on the provided information.
upvoted 1 times
nickwen007
1 year, 11 months ago
D and C would be considered unethical behaviors. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection is not considered unethical, as long as the tester has the proper access or permissions. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement is also not considered unethical. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team is unethical, as it is important for the client to be aware of potential security risks. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address is also unethical, as it puts the client at risk of attack.
upvoted 3 times
kloug
1 year, 11 months ago
C, D correct.
upvoted 2 times
shakevia463
2 years ago
Selected Answer: CD
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential"
upvoted 3 times
shakevia463
2 years ago
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential"
upvoted 1 times
2Fish
2 years ago
C and D are correct.
upvoted 3 times
ryanzou
2 years, 4 months ago
One question: why is D not correct?
upvoted 2 times
ryanzou
2 years, 4 months ago
I think CD are correct
upvoted 7 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other