CompTIA PenTest+ (PT0-002) — Question 397

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?

Answer options

• A. Utilize the tunnel as a means of pivoting to other internal devices.
• B. Disregard the IP range, as it is out of scope.
• C. Stop the assessment and inform the emergency contact.
• D. Scan the IP range for additional systems to exploit.

Correct answer: C

Explanation

The correct action is to stop the assessment and inform the emergency contact because the always-on VPN tunnel indicates a potential security risk with third-party access. Utilizing the tunnel or scanning the IP range could lead to unauthorized actions, while disregarding it ignores a significant finding that could impact the organization's security posture.