The correct answer is 'Inform the client of the finding and request a clarification on whether it should be included in the scope of the assessment'. Professional conduct dictates that penetration testers should only engage targets explicitly listed in the scope of work, regardless of the potential for these targets to represent significant security risks. By reporting the out-of-scope discovery to the client and requesting direction, the tester ensures they are not overstepping legal boundaries and maintains the trust relationship with the client. Immediately disconnecting from the network may be considered hasty and does not address the issue responsibly while running non-aggressive scans or documenting the finding without engaging the client overlooks professional communication and may lead to scope creep or unauthorized actions.