CompTIA PenTest+ (PT0-001) — Question 14

Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO.)

Answer options

• A. The tester discovers personally identifiable data on the system.
• B. The system shows evidence of prior unauthorized compromise.
• C. The system shows a lack of hardening throughout.
• D. The system becomes unavailable following an attempted exploit.
• E. The tester discovers a finding on an out-of-scope system.

Correct answer: B, D

Explanation

The correct answers are B and D. B is correct because evidence of prior unauthorized compromise could indicate a significant security issue that needs immediate attention. D is also correct as the unavailability of the system following an attempted exploit can indicate a critical failure that should be communicated to the system owner. Options A, C, and E do not require immediate communication because they do not present urgent risks or breaches that necessitate the system owner's involvement during the test.