CompTIA PenTest+ (PT0-002) — Question 240

A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following did the penetration tester most likely breach?

Answer options

Correct answer: C

Explanation

The penetration tester likely breached the NDA (Non-Disclosure Agreement). Requesting a CVE number means reporting details of the vulnerability to a party outside the engagement, and an NDA typically prohibits sharing sensitive information, such as vulnerabilities, without permission. The other options, such as the ROE (Rules of Engagement), SLA (Service Level Agreement), and SOW (Statement of Work), are less relevant to the disclosure of vulnerabilities without authorization.