Exam PT0-002 topic 1 question 17 discussion

Answer: B. The planning process failed to ensure all teams were notified. Example: The penetration tester was unaware that the SOC had set up sinkholing on his IP address and was blocked from accessing the client's IP address because the SOC team was not notified of the penetration test.

Sinkholing is a practice where traffic is redirected away from its original destination, often to a benign location, in response to suspicious or malicious activity. In the context of a penetration test, if the Security Operations Center (SOC) has sinkholed the penetration tester's IP address, it could indicate that the SOC was not properly informed of the authorized testing. Therefore, the most likely explanation for this occurrence is that there was a failure in the planning process to ensure that all relevant teams were properly notified of the upcoming penetration test. The correct answer to this question would be: B. The planning process failed to ensure all teams were notified.

B. Either the teams was not made aware by accident and corrective action was taken by the SOC, OR the team was intentionally left in the dark in the case of red vs. blue / purple teaming exercises. I guess based on the fact that the pentester is surprised, it would only make sense that the SOC was not made aware. :)

I choose D

Sinkholing is a security technique used to redirect malicious traffic away from its intended target. It involves creating a “black hole” of sorts by setting up a network of servers that will intercept and discard any packets sent to an IP address associated with malicious activity. This helps to prevent the malicious traffic from reaching its destination, thus reducing the impact of the attack.

Answer is B. In a real world scenario, clients loved to test the ability of their SOCs to detect their PenTesters. Easiest way to was not inform them.