CompTIA PenTest+ (PT0-002) — Question 32

A company becomes concerned when the security alarms are triggered during a penetration test.
Which of the following should the company do NEXT?

Answer options

• A. Halt the penetration test.
• B. Conduct an incident response.
• C. Deconflict with the penetration tester.
• D. Assume the alert is from the penetration test.

Correct answer: C

Explanation

The correct action is to clarify with the penetration tester to determine if the alarms are part of the test. Halting the test or conducting an incident response may not be necessary if the alerts are expected. Assuming the alerts are from the test without verification could lead to unnecessary actions or confusion.