CompTIA PenTest+ PT0-002 Practice Question
During a penetration test, you identify an application vulnerability that could be exploited using a specific tool. However, the tool is known to sometimes cause service disruptions. The rules of engagement given by the client strictly forbids any actions that could lead to denial of service. What is the most appropriate course of action?
Use the tool but monitor the application closely and stop the test if any disruptions are detected.
Proceed with using the tool without informing the client, since identifying vulnerabilities is a higher priority.
Discuss the potential use of the tool with the client to obtain explicit permission or alternative instructions.
Use the tool during off-peak hours to minimize the risk of causing a denial of service.