A penetration tester has gained access to a network device t

A penetration tester has gained access to a network device t - CompTIA Pentest+ PT0-003

Question

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?

Answers

Utilize the tunnel as a means of pivoting to other internal devices.
Disregard the IP range, as it is out of scope.
correct

Stop the assessment and inform the emergency contact.
Scan the IP range for additional systems to exploit.

Explanation

Correct Answer: C. Stop the assessment and inform the emergency contact.

During a penetration test, encountering a previously unknown, always-on VPN tunnel to a third-party supplier introduces significant ethical, legal, and scope-related concerns. The best course of action is to immediately stop testing and report the discovery to the client’s designated emergency contact.

Why?

Scope Limitations
- The third-party supplier's network is likely out of scope for the engagement.
- Testing beyond agreed-upon boundaries could violate legal agreements.
Potential Legal Consequences
- Unauthorized access to a third-party network could be considered an unauthorized attack, even if accidental.
- The penetration tester could be held legally accountable for any disruptions or data access.
Ethical and Professional Responsibility
- A penetration tester should always follow the agreed-upon rules of engagement (ROE).
- Continuing without approval breaches professional and ethical guidelines.

Why the Other Options Are Incorrect:

Utilize the tunnel as a means of pivoting to other internal devices.

Illegal and unethical → Unauthorized access to a third-party supplier.
Violates scope → Could result in legal action against both the tester and the client.
Not a valid option in a professional penetration test.

Disregard the IP range, as it is out of scope.

While ignoring out-of-scope assets is usually best practice, this discovery is critical.
The VPN tunnel may pose a security risk and must be reported to the client.
Ignoring it completely is irresponsible and does not inform the client of a potential security issue.

Scan the IP range for additional systems to exploit.

Violates the rules of engagement by targeting third-party infrastructure.
Could cause legal and reputational damage to both the penetration tester and the client.
Scanning an unauthorized network is an ethical violation and a potential cybercrime.

View Full Course Content Try our Free Questions

No Payment Cards Needed

CompTIA Pentest+ exam

Normally $69

$45/month

Subjects Included

CompTIA Pentest+

Additional Features

Over 300 Practice Questions with Answers
Quizzes in every Lesson Provided
Detailed Analysis of Questions with Answers and Explanations
Detailed Notes with Chapters, Topics & Lessons
24/7 Live chat support
24/7 WhatsApp support
One Full Month Access

Get Started

View Other Pricing Plans

CompTIA Prep

CompTIA Cloud+ CV0-004

Start Course Prep

CompTIA Prep

CompTIA Server+ SK0-005

Start Course Prep

Easy way to pass your test within a week with prepsaret

You don’t need one month to study and pass your test.
With Prepsaret, it takes you a few days to grasp all the concepts needed to pass your exams

View Courses Offered