CompTIA PenTest+ (PT0-001) — Question 125

An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment. During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack. Which of the following actions should the penetration tester take?

Answer options

• A. Attempt to use the remnant tools to achieve persistence.
• B. Document the presence of the left-behind tools in the report and proceed with the test.
• C. Remove the tools from the affected systems before continuing on with the test.
• D. Discontinue further testing and report the situation to management.

Correct answer: B

Explanation

The correct answer is B because documenting the presence of the tools is crucial for understanding the security posture of the organization and provides valuable information for future remediation efforts. Attempting to use the tools (A) could compromise the integrity of the test, while removing them (C) may interfere with the assessment. Discontinuing testing (D) could prevent the identification of further vulnerabilities.