CompTIA PenTest+ (PT0-002) — Question 246
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?
Answer options
- A. Perform forensic analysis to isolate the means of compromise and determine attribution.
- B. Incorporate the newly identified method of compromise into the red team’s approach.
- C. Create a detailed document of findings before continuing with the assessment.
- D. Halt the assessment and follow the reporting procedures as outlined in the contract.
Correct answer: D
Explanation
The correct answer is D. On discovering evidence of a prior compromise, the tester must halt the assessment and follow the reporting procedures outlined in the contract, because the artifact could indicate significant security issues that need immediate attention. Options A, B, and C are inappropriate because they have the tester continue without addressing the potential breach, which could lead to further risks and complications.