CompTIA PenTest+ (PT0-002) — Question 126
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?
Answer options
- A. Segment the firewall from the cloud.
- B. Scan the firewall for vulnerabilities.
- C. Notify the client about the firewall.
- D. Apply patches to the firewall.
Correct answer: C
Explanation
The best course of action is for the tester to notify the client about the firewall, because it poses a security risk that was not previously acknowledged. The firewall is not on the original list of IP addresses for the engagement, so scanning or patching it may not be appropriate without the client's consent, and segmenting it does not address the underlying vulnerabilities.