CompTIA PenTest+ (PT0-002) — Question 81

A company provided the following network scope for a penetration test:

• 169.137.1.0/24
• 221.10.1.0/24
• 149.14.1.0/24

A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

Answer options

• A. The company that requested the penetration test
• B. The penetration testing company
• C. The target host's owner
• D. The penetration tester
• E. The subcontractor supporting the test

Correct answer: A

Explanation

The correct answer is A because the company that requested the penetration test provided the scope, which included the vulnerable IP address. The responsibility lies with them for not properly defining or understanding their network boundaries. The other options are incorrect as they either pertain to the execution of the test or the ownership of the target, which do not absolve the company of their responsibility in defining the test parameters.