CompTIA PenTest+ (PT0-001) — Question 159
A client's systems administrator requests a copy of the report from the penetration tester, but the systems administrator is not listed as a point of contact or signatory. Which of the following is the penetration tester's BEST course of action?
Answer options
- A. Send the report since the systems administrator will be in charge of implementing the fixes.
- B. Send the report and carbon copy the point of contact/signatory for visibility.
- C. Reply and explain to the systems administrator that proper authorization is needed to provide the report.
- D. Forward the request to the point of contact/signatory for authorization.
Correct answer: C
Explanation
The correct action is to explain to the systems administrator that proper authorization is required before the report can be provided, because this protects the confidentiality and integrity of the information. Sending the report without authorization, or sending it and merely involving the signatory, does not ensure compliance with security protocols. Forwarding the request for approval is also not the best immediate response, because it does not clarify the authorization issue directly.