CompTIA PenTest+ (PT0-002) — Question 221
A penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for the target company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking equipment. The models of equipment purchased are vulnerable to attack.
Which of the following is the most likely NEXT step for the penetration tester?
Answer options
- A. Alert the target company of the discovered information.
- B. Verify the discovered information is correct with the manufacturer.
- C. Scan the equipment and verify the findings.
- D. Return to the dumpster for more information.
Correct answer: A
Explanation
The correct answer is A because the penetration tester has a responsibility to inform the target company about any potential security risks uncovered during the assessment. Options B and C involve verifying the details rather than informing the company, and verification is less urgent in this scenario. Option D suggests returning for more data, but the priority should be to alert the organization about the vulnerabilities identified.