Certified Ethical Hacker (CEH v10) — Question 185

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?

Answer options

• A. Do not report it and continue the penetration test.
• B. Transfer money from the administrator's account to another account.
• C. Do not transfer the money but steal the bitcoins.
• D. Report immediately to the administrator.

Correct answer: D

Explanation

The correct answer is D because ethical guidelines dictate that any sensitive information discovered during a penetration test should be reported to the appropriate parties. Options A, B, and C involve unethical behavior and could lead to legal consequences, as they suggest not reporting or misusing the sensitive data found.