Exam PT0-002 All Questions

Exam PT0-002 topic 1 question 171 discussion

Actual exam question from CompTIA's PT0-002
Question #: 171
Topic #: 1
During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?

  • A. Deny that the vulnerability existed.
  • B. Investigate the penetration tester.
  • C. Accept that the client was right.
  • D. Fire the penetration tester.

Suggested Answer: B

Comments

surfuganda
7 months, 3 weeks ago
Selected Answer: B
A. Deny that the vulnerability existed. - INCORRECT. Reason: Unethical.
B. Investigate the penetration tester. - CORRECT. Reason: No other actions (including [C] or [D]) can be taken until all information, including the pentester's motivations, is fully understood.
C. Accept that the client was right. - INCORRECT. Reason: This could introduce legal liability for the breach, thus more information would be needed [B] prior to such acceptance.
D. Fire the penetration tester. - INCORRECT. Reason: Depending upon the locality, grounds for termination of employment may need to be firmly established, thus more information would be needed [B] prior to such action.
upvoted 1 times
RRabbit_111
1 year, 9 months ago
Selected Answer: B
B. Investigate the penetration tester.
Explanation: The first step that the company should take is to investigate the penetration tester's actions to determine the cause of the failure to report the vulnerability and the subsequent loss of data. The company should also review their own policies and procedures to ensure that they are adequate to prevent such an incident from happening again in the future. Option A is not appropriate, as the vulnerability existed and it's important to acknowledge it to prevent future breaches. Option C is not the correct action, as the company should investigate the reasons behind the failure to report the vulnerability. Option D is not the only step that the company should take, although it could be considered as part of the investigation if the penetration tester is found to have violated company policy or acted unethically.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other