While conducting a penetration test against the /24 network range explicitly authorized in the contract, you discover an unsecured FTP service whose IP address belongs to an external third-party vendor that was never mentioned during scoping. According to ethical hacking concepts and professional conduct, what action should you take next?
Contact the vendor directly, obtain verbal permission, and then resume testing the discovered server.
Notify the client immediately and request written authorization before performing any further testing against the vendor's system.
Proceed to exploit the FTP server only enough to capture evidence of the vulnerability.
Ignore the finding and continue testing the originally scoped IP addresses.
Because the vendor-owned system is outside the written scope, any interaction beyond the discovery phase would be unauthorized hacking. Ethical hacking principles and common rules of engagement require that the tester halt activity on the out-of-scope target and obtain explicit, preferably written, permission before proceeding. Simply exploiting the server, ignoring the host, or seeking oral permission from the vendor all violate the requirement that testing occur only on assets specifically approved by the client in advance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is written authorization required before testing systems outside the scope?
Open an interactive chat with Bash
What are the consequences of testing systems outside the defined scope without proper authorization?
Open an interactive chat with Bash
How does scoping impact ethical hacking engagements?
Open an interactive chat with Bash
Why is written authorization necessary before testing a third-party system?
Open an interactive chat with Bash
What does '/24 network range' mean in this context?
Open an interactive chat with Bash
What should you do if an unauthorized system accidentally falls into scope during testing?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Information Security and Ethical Hacking Overview
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .