CompTIA PenTest+ (PT0-002) — Question 384

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

Answer options

• A. Check the scoping document to determine if exfiltration is within scope.
• B. Stop the penetration test.
• C. Escalate the issue.
• D. Include the discovery and interaction in the daily report.

Correct answer: C

Explanation

The best action for the tester is to escalate the issue, as it involves unethical behavior and potential legal implications. Checking the scoping document is irrelevant since the situation involves a breach of trust and ethical standards, while stopping the test or merely reporting it in a daily report does not adequately address the severity of the administrator's actions.