During a network penetration test, a tester discovers a previously unknown host that was not listed in the Statement of Work (SoW). According to standard rules of engagement, what is the MOST appropriate immediate action?
Stop all activity related to the host, document the finding, and contact the client for guidance.
Perform only basic reconnaissance on the host to determine its function before proceeding.
Continue the engagement and perform a full vulnerability scan on the discovered host to provide extra value.
Ignore the host completely since it is out of scope and do not include it in the final report.
The rules of engagement (RoE) and Statement of Work (SoW) strictly define the scope of a penetration test. Any assets discovered that are not explicitly included in the documented scope are considered out-of-scope. The correct and most professional procedure is to cease all activity targeting the new asset, document its discovery, and immediately escalate to the client for guidance. This allows the client to decide whether to formally expand the scope. Proceeding with any level of scanning without explicit permission is a violation of the agreement and can have legal and operational consequences. Simply ignoring the host is also incorrect, as its presence may be a significant finding that the client needs to be aware of.