Exam PT0-002 topic 1 question 206 discussion

Actual exam question from CompTIA's PT0-002
Question #: 206
Topic #: 1

A company provided the following network scope for a penetration test:

• 169.137.1.0/24
• 221.10.1.0/24
• 149.14.1.0/24

A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

  • A. The company that requested the penetration test
  • B. The penetration testing company
  • C. The target host's owner
  • D. The penetration tester
  • E. The subcontractor supporting the test
Suggested Answer: A

Comments

j904
1 month ago
Selected Answer: D
D. makes logical sense
upvoted 1 times
...
Myfeedins479
1 month, 1 week ago
Selected Answer: D
In chapter one of the All-in-One guide, under Governance, Risk, and Compliance and Permission to Test: "Pentesters must do their own due diligence to verify that the person who is requesting the testing has authority over tested assets in order to approve the test or that additional permission has been acquired."
upvoted 1 times
...
mehewas855
5 months, 1 week ago
Selected Answer: D
If, let's say, a company asks the pentester to hack Google, even without any authority over that domain, the pentester should still verify that the domain is the company's property and that the person who signed the document is legally entitled to sign it. Plus, what Natthew99 said: it's from the book.
upvoted 2 times
...
Natthew99
7 months, 1 week ago
Going with D - the All in One book says something like "pentester must do their own due diligence to verify that the person requesting the testing has authority over the assets to approve the test and that any additional permissions have been acquired."
upvoted 4 times
...
solutionz
9 months, 2 weeks ago
Selected Answer: A
In a penetration testing scenario, the company requesting the test should provide accurate and clear scope, including the range of IP addresses that are to be tested. If an IP address is within the scope defined by the client and later turns out to be a third-party system, the responsibility for that mistake falls on the company that defined the scope. So, the correct answer is: A. The company that requested the penetration test
upvoted 4 times
...
KingIT_ENG
1 year, 2 months ago
A is the answer
upvoted 4 times
...
[Removed]
1 year, 2 months ago
A is the correct answer: The company that requested the penetration test.
upvoted 2 times
...
[Removed]
1 year, 2 months ago
I think A is correct
upvoted 2 times
...
cy_analyst
1 year, 2 months ago
Selected Answer: B
The responsible stakeholder for this mistake is the penetration testing company. Penetration testers are responsible for verifying the scope of their testing and ensuring that they have permission to test all systems in the specified range. They should have confirmed the ownership of the IP address before conducting any testing, and if there was any doubt, they should have raised the issue with the company that requested the penetration test. In this scenario, the fact that the IP address belonged to a third party indicates that the penetration tester did not conduct adequate reconnaissance or validation of the IP addresses before testing them. This oversight is the responsibility of the penetration testing company.
upvoted 2 times
KingIT_ENG
1 year, 2 months ago
I think A is correct
upvoted 1 times
...
cy_analyst
1 year, 1 month ago
I think the lesson here is to not scan and exploit any IP address they give us; recon first and then accept.
upvoted 2 times
...
cy_analyst
1 year, 1 month ago
Just be careful whose IP you scan, even if behind it is a company, because a company has friends and also enemies.
upvoted 1 times
...
[Removed]
1 year, 2 months ago
Why not A?
upvoted 1 times
...
...
[Removed]
1 year, 3 months ago
A 100% sure
upvoted 2 times
...
2Fish
1 year, 3 months ago
Selected Answer: A
A, for sure. The company/client requesting the Pen Test is responsible.
upvoted 3 times
...
ronniehaang
1 year, 4 months ago
Selected Answer: A
149.14.1.24 is part of the network scope (149.14.1.0/24)
upvoted 4 times
...
Hskwkhfb
1 year, 5 months ago
Isn't it D?
upvoted 2 times
Orean
1 year, 2 months ago
The penetration tester isn't responsible for defining the scope of acceptable IPs; the client is. The company should've known it was a third-party IP before contracting the pentester to attack it.
upvoted 2 times
[Removed]
1 year, 2 months ago
A is correct
upvoted 2 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other