During a penetration test, you uncover evidence that suggests an employee of the client company may be involved in illegally selling customer data. What is your immediate course of action following this discovery?
Continue monitoring the employee's activities to collect additional evidence.
Immediately report the findings to the organization's point of contact.
Ignore the evidence as it is outside the scope of the penetration test.
Confront the employee to gather more information before reporting.
The correct course of action is to immediately report the potential criminal activity to your point of contact within the organization. Penetration testers have a duty to maintain professionalism and integrity, which includes identifying and reporting criminal activity. While further investigation may be compelling, acting upon this impulse could interfere with legal proceedings and the chain of custody for evidence.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to report findings to the point of contact immediately?
Open an interactive chat with Bash
What could happen if I confront the employee instead of reporting?
Open an interactive chat with Bash
What responsibilities do penetration testers have regarding ethical concerns?