CompTIA PenTest+ PT0-002 Practice Question
As a penetration tester, you are preparing to engage in a security assessment of a client's web application. The client has emphasized the importance of adhering to a strict schedule and minimizing downtime. You have reviewed the statement of work and confirmed the target endpoints that require testing. To ensure professional integrity, what would be the MOST appropriate course of action when you discover a potentially destructive test that could cause significant downtime?
Refrain from performing the test and document the decision, notifying the client of the potential risk associated with the test.
Run the test during off-peak hours to reduce the potential impact on the application's normal operation.
Perform the test but limit its scope to a non-production environment that is not covered in the statement of work.
Proceed with the potentially destructive test only after creating a complete backup of the application.