CompTIA PenTest+ (PT0-002) — Question 451
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Answer options
- A. Analyze the malware to see what it does.
- B. Collect the proper evidence and then remove the malware.
- C. Do a root-cause analysis to find out how the malware got in.
- D. Remove the malware immediately.
- E. Stop the assessment and inform the emergency contact.
Correct answer: E
Explanation
The correct answer is E because it is essential to stop the assessment to prevent further damage and to inform the appropriate personnel. Analyzing the malware, collecting evidence, or removing it could compromise the investigation and violate protocols. Immediate communication with the emergency contact is crucial when the target is found to be already compromised.