CompTIA PenTest+ PT0-002 Practice Question
A penetration tester has been hired to conduct a security assessment for a large organization. During the engagement, they inadvertently gain access to a server hosting sensitive customer data that was not defined in the scope of work. Realizing the potential violation, what should the penetration tester do FIRST to mitigate the risk of criminal charges?
Delete any trace of their access to avoid getting caught
Continue testing to gather more information about the vulnerability
Secure the server to prevent any potential data leakage
Cease testing and report the incident to the hiring organization