Which of the following is the BEST action for the tester to take?

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

Which of the following is the BEST action for the tester to take?
A . Check the scoping document to determine if exfiltration is within scope.
B . Stop the penetration test.
C . Escalate the issue.
D . Include the discovery and interaction in the daily report.

View Answer

Answer: C

Explanation:

In a situation where illegal or unethical activity is discovered during an assessment, the appropriate course of action is to escalate the issue to the appropriate parties in the organization, such as management, or the person or team who hired the penetration tester. This ensures that those responsible for the organization’s security and compliance are aware of the situation and can take appropriate action.

A) Checking the scoping document won’t help in this situation. While the scoping document defines the boundaries for the penetration test, the discovery of illegal activity is outside the realm of a typical penetration test and needs to be handled differently.

B) Stopping the penetration test might not be necessary and doesn’t address the issue at hand, which is the discovered illicit activity and bribe attempt.

D) While including the discovery and interaction in the daily report is important, it is not sufficient. A situation as serious as this warrants immediate escalation.