CompTIA PenTest+ (PT1-002) — Question 32
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?
Answer options
- A. Perform forensic analysis to isolate the means of compromise and determine attribution.
- B. Incorporate the newly identified method of compromise into the red team's approach.
- C. Create a detailed document of findings before continuing with the assessment.
- D. Halt the assessment and follow the reporting procedures as outlined in the contract.
Correct answer: D
Explanation
The correct action is to halt the assessment and follow the reporting procedures outlined in the contract. Evidence of a potential prior compromise must be reported immediately to ensure the integrity of the investigation into it. Performing forensic analysis, incorporating the compromise into the red team's approach, or documenting findings without reporting could lead to overlooking critical security incidents or violating ethical guidelines.