CompTIA PenTest+ (PT1-002) — Question 65
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
Answer options
- A. ROE
- B. SLA
- C. MSA
- D. NDA
Correct answer: D
Explanation
The Non-Disclosure Agreement (NDA) is the document that would hold the penetration tester accountable for disclosing sensitive information, such as the exploit details and IP addresses. The other options, ROE (Rules of Engagement), SLA (Service Level Agreement), and MSA (Master Service Agreement), do not specifically address confidentiality in the same manner as an NDA.