Exam PT0-002 topic 1 question 36 discussion

A. Reach out to the primary point of contact The tester should immediately reach out to the primary point of contact (often known as the incident response team) to inform them of the ongoing attack. This will allow the organization to take immediate action to mitigate the attack and prevent further damage. The primary point of contact would be responsible for coordinating the incident response, including notifying other stakeholders, such as legal department, IT department, and management, about the incident. It's important to note that trying to take down the attackers, even if it's a valid option, should be done by experts and not by a penetration tester, and it's the incident response team responsibility, not the tester's. Calling law enforcement officials immediately would be a good idea, but the primary point of contact should be informed first. Finally, collecting the proper evidence and adding it to the final report is crucial, as it can be used to identify the attackers and assist in any legal action that may be taken against them. However, the main priority should be to stop the ongoing attack.

In a situation where a critical vulnerability is being actively exploited, immediate communication with the client is paramount. The penetration tester's responsibility is to inform the client so they can take necessary action, not to engage with attackers or law enforcement directly. So, the correct next step would be: A. Reach out to the primary point of contact.