CompTIA PenTest+ (PT1-002) — Question 13

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

Answer options

• A. Reach out to the primary point of contact
• B. Try to take down the attackers
• C. Call law enforcement officials immediately
• D. Collect the proper evidence and add to the final report

Correct answer: A

Explanation

The correct action is to reach out to the primary point of contact to inform them about the situation. Attempting to take down the attackers (B) could interfere with ongoing investigations, while calling law enforcement (C) may not be appropriate without prior communication with the organization. Collecting evidence (D) is important but should follow notifying the contact for further instructions.