CompTIA PenTest+ (PT1-002) — Question 2

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

Answer options

• A. Forensically acquire the backdoor Trojan and perform attribution
• B. Utilize the backdoor in support of the engagement
• C. Continue the engagement and include the backdoor finding in the final report
• D. Inform the customer immediately about the backdoor

Correct answer: D

Explanation

The correct course of action is to inform the customer immediately about the backdoor, as it poses a significant security risk that they need to address. Options A, B, and C either involve further actions that could compromise the integrity of the engagement or delay necessary communication with the customer regarding a critical vulnerability.