CompTIA PenTest+ PT0-002 Practice Question
During a penetration testing engagement, you discover evidence that suggests an active threat actor may currently be operating within the client's network. What is the most appropriate immediate action to take to maintain proper situational awareness and ensure the client is adequately informed?
Pause the penetration testing analysis and wait for the next regular communication interval to report the finding to the client.
Terminate the penetration test to avoid interference and allow internal security teams to handle the incident.
Immediately report the finding to the client's primary or emergency contact to ensure they are aware of the potential compromise.
Continue with the planned testing procedures to avoid tipping off the threat actor, and report the finding in the next scheduled update.