During a penetration test, you discover evidence suggesting that an employee has been engaging in illegal activities using the company's network. Which of the following actions aligns best with professional conduct and legal responsibilities?
Confront the employee directly to investigate the matter further.
Immediately notify the primary or emergency contact designated by the client to relay your findings confidentially.
Ignore the findings as they are beyond the scope of the penetration test.
Turn off the affected systems to prevent any further illegal activity.