CompTIA PenTest+ (PT1-002) — Question 104
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Answer options
- A. Analyze the malware to see what it does.
- B. Collect the proper evidence and then remove the malware.
- C. Do a root-cause analysis to find out how the malware got in.
- D. Remove the malware immediately.
- E. Stop the assessment and inform the emergency contact.
Correct answer: E
Explanation
The correct action is to stop the assessment and inform the emergency contact so that the situation is handled properly and securely. Analyzing the malware, collecting evidence, or attempting to remove it without proper authorization and oversight could compromise important data or worsen the situation.