While performing a penetration test, you discover a backdoor account with a high level of privileges that does not correlate with any known user accounts managed by the organization's IT department. Additionally, this account has timestamps indicating off-hours activity, and several large data transfers to an external IP address not recognized by the organization. Where in your final report should this information be presented, and what is the primary purpose of including such details?
Summarize in the 'Executive Summary' section to propose immediate remediation actions
Include in the 'Findings' section to alert the organization to potential security breaches
Discuss in the 'Methodology' section to describe the penetration testing process used
Describe in the 'Scope Details' section to outline the limits of the penetration test