CompTIA PenTest+ (PT0-001) — Question 196
During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
Answer options
- A. Disable the network port of the affected service.
- B. Complete all findings, and then submit them to the client.
- C. Promptly alert the client with details of the finding.
- D. Take the target offline so it cannot be exploited by an attacker.
Correct answer: C
Explanation
The correct action is to promptly alert the client with details of the finding, because the client needs to be informed of critical vulnerabilities immediately in order to take appropriate action. Disabling the network port or taking the target offline may help, but neither directly informs the client, and waiting to submit all findings together could delay the necessary response to the vulnerability.