Security Alarm Triggers During Penetration Test | Next Steps for the Company

Next Steps for the Company

Question

A company becomes concerned when the security alarms are triggered during a penetration test.

Which of the following should the company do NEXT?

Answers

Explanations

A. B. C. D.

B.

When security alarms are triggered during a penetration test, it indicates that there may be a security vulnerability or a weakness in the company's security system that could be exploited by an attacker. It is important for the company to take immediate action to investigate the alarm and address any potential security risks.

The correct next step for the company in this scenario is to conduct an incident response. An incident response is a process that organizations follow when a security incident occurs, with the goal of minimizing the damage caused by the incident and restoring normal operations as quickly as possible. During an incident response, the company should investigate the alarm to determine whether it is a legitimate threat or a false positive, and take appropriate action based on the findings.

Halting the penetration test (option A) is not the correct next step because it would leave the company vulnerable to real-world attacks. The purpose of a penetration test is to identify vulnerabilities and weaknesses in the company's security system so that they can be addressed before an attacker can exploit them. By halting the penetration test, the company would miss the opportunity to identify and address these vulnerabilities.

Deconflicting with the penetration tester (option C) is not the correct next step because it does not address the security risk that triggered the alarms. Deconfliction is a process used to ensure that the activities of the penetration tester do not interfere with the normal operations of the company. While deconfliction is an important step in conducting a penetration test, it is not a sufficient response to a security incident.

Assuming the alert is from the penetration test (option D) is not the correct next step because it could lead the company to ignore a legitimate security threat. While it is possible that the alarms were triggered by the penetration test, the company cannot assume this without conducting an investigation. Failing to investigate the alarm could leave the company vulnerable to real-world attacks.