During a penetration testing engagement, you discover evidence that suggests an active threat actor may currently be operating within the client's network. What is the most appropriate immediate action to take to maintain proper situational awareness and ensure the client is adequately informed?
Pause the penetration testing analysis and wait for the next regular communication interval to report the finding to the client.
Immediately report the finding to the client's primary or emergency contact to ensure they are aware of the potential compromise.
Terminate the penetration test to avoid interference and allow internal security teams to handle the incident.
Continue with the planned testing procedures to avoid tipping off the threat actor, and report the finding in the next scheduled update.
Option C is correct because reporting critical findings immediately to the client is crucial when active threats or compromises are discovered. It ensures situational awareness for both the tester and the client, making it possible to take necessary actions quickly to contain and mitigate any ongoing threat. Option A is incorrect because continuing testing without informing the client may exacerbate the situation and hinder the response to an ongoing incident. Option B is incorrect because pausing the analysis and waiting for a regular communication interval could delay the response to an active threat, potentially aggravating the situation. Option D is incorrect because terminating the test could prevent the identification of other threats and disrupt the collection of valuable information about the active threat actor's methods and objectives.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to report findings immediately to the client during a penetration test?
Open an interactive chat with Bash
What are the potential consequences of not immediately informing the client about an active threat?
Open an interactive chat with Bash
What should penetration testers consider when preparing to report a finding to ensure effective communication?