Exam PT0-003 Topic 1 Question 312 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 312
Topic #: 1
A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following did the penetration tester most likely breach?

Suggested Answer: A Vote an answer

ROE stands for Rules of Engagement, which are the guidelines and limitations that define the scope, objectives, and methods of a penetration testing engagement. ROE should be agreed upon by both the client and the tester before the testing begins, and they should include the authorization to perform certain actions, such as requesting CVE numbers, disclosing vulnerabilities, or exploiting systems. By requesting a CVE number without express authorization, the penetration tester most likely breached the ROE and violated the client's trust and expectations. References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 1: Planning and Scoping Penetration Tests, page 23-24.
*CVE - CVE1
*NDA, MSA, SOW and SLA. Confidentiality agreements when you outsource QA

by Gloria at Aug 03, 2024, 03:27 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10