CompTIA PenTest+ (PT0-002) — Question 105

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.
Which of the following should the tester do NEXT?

Answer options

• A. Reach out to the primary point of contact.
• B. Try to take down the attackers.
• C. Call law enforcement officials immediately.
• D. Collect the proper evidence and add to the final report.

Correct answer: A

Explanation

The correct course of action is to reach out to the primary point of contact to inform them of the critical situation, allowing them to take appropriate measures. Trying to take down the attackers or calling law enforcement may not be practical or necessary at this stage and could complicate the situation. Collecting evidence is important, but it should be done after notifying the appropriate parties to ensure the right steps are taken.