Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam PT0-002 Topic 4 Question 61 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 61
Topic #: 4
[All PT0-002 Questions]

A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

Show Suggested Answer Hide Answer
Suggested Answer: C

Upon discovering passwords in a publicly available data breach during the reconnaissance phase, the most ethical and constructive action for the penetration tester is to contact the client and inform them of the breach. This approach allows the client to take necessary actions to mitigate any potential risks, such as forcing password resets or enhancing their security measures. Adding the passwords to a report appendix (option A) without context or action could be seen as irresponsible, while doing nothing (option B) neglects the tester's duty to inform the client of potential threats. Using the passwords in a credential stuffing attack (option D) without explicit permission as part of an agreed testing scope would be unethical and potentially illegal.


by Karrie at Jul 11, 2024, 07:53 AM

Limited Time Offer

25%

Off

Get Premium PT0-002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Moon
11 months ago
Why would anyone even consider D? That's like robbing a bank to test their security.
upvoted 0 times
...
Brock
11 months ago
B is the right choice. Using those passwords would just be wrong, even for a test.
upvoted 0 times
Stephen
11 months ago
A) Add the passwords to an appendix in the penetration test report.
upvoted 0 times
...
Francoise
11 months ago
C) Contact the client and inform them of the breach.
upvoted 0 times
...
Venita
11 months ago
C) Contact the client and inform them of the breach.
upvoted 0 times
...
Sheridan
11 months ago
A) Add the passwords to an appendix in the penetration test report.
upvoted 0 times
...
...
Lajuana
12 months ago
Even if they get upset, it's still the right thing to do. It's about ethics and trust.
upvoted 0 times
...
Providencia
12 months ago
But what if the client gets upset that the passwords were found in the first place?
upvoted 0 times
...
Domingo
1 years ago
I agree with Lajuana. It's important to be transparent with the client.
upvoted 0 times
...
Abel
1 years ago
Definitely not D! Credential stuffing is a big no-no. We're here to test, not cause harm.
upvoted 0 times
Bambi
12 months ago
C) Contact the client and inform them of the breach.
upvoted 0 times
...
Shizue
12 months ago
A) Add the passwords to an appendix in the penetration test report.
upvoted 0 times
...
...
Lajuana
1 years ago
I think the best action is to contact the client and inform them of the breach.
upvoted 0 times
...
Marjory
1 years ago
Option C is the way to go! Informing the client about the breach is the responsible thing to do.
upvoted 0 times
Nan
11 months ago
C) Contact the client and inform them of the breach.
upvoted 0 times
...
Johnna
11 months ago
That's a good idea. Transparency is key in these situations.
upvoted 0 times
...
Murray
11 months ago
A) Add the passwords to an appendix in the penetration test report.
upvoted 0 times
...
Royal
11 months ago
C) Contact the client and inform them of the breach.
upvoted 0 times
...
...

Save Cancel