During a network penetration test, a tester discovers a previously unknown host that was not listed in the Statement of Work (SoW). According to standard rules of engagement, what is the MOST appropriate immediate action?
Continue the engagement and perform a full vulnerability scan on the discovered host to provide extra value.
Ignore the host completely since it is out of scope and do not include it in the final report.
Perform only basic reconnaissance on the host to determine its function before proceeding.
Stop all activity related to the host, document the finding, and contact the client for guidance.
The rules of engagement (RoE) and Statement of Work (SoW) strictly define the scope of a penetration test. Any assets discovered that are not explicitly included in the documented scope are considered out-of-scope. The correct and most professional procedure is to cease all activity targeting the new asset, document its discovery, and immediately escalate to the client for guidance. This allows the client to decide whether to formally expand the scope. Proceeding with any level of scanning without explicit permission is a violation of the agreement and can have legal and operational consequences. Simply ignoring the host is also incorrect, as its presence may be a significant finding that the client needs to be aware of.