CompTIA PenTest+ (PT0-001) — Question 100

A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
✑ Code review
✑ Updates to firewall settings
Which of the following has occurred in this situation?

Answer options

Correct answer: A

Explanation

The situation describes scope creep: the company expanded the original agreement by requesting additional tasks (code review and updates to firewall settings) beyond the initial web application penetration test. The other options do not apply here: a post-mortem review analyzes a completed project, risk acceptance means agreeing to accept certain risks without further action, and threat prevention refers to measures that stop threats before they occur.