CompTIA PenTest+ Exam - Question: Network Traffic and Sinkholing

Network Traffic and Sinkholing

Question

A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address.

The tester later discovered the SOC had used sinkholing on the penetration tester's IP address.

Which of the following BEST describes what happened?

Answers

Explanations

A. B. C. D.

B.

The correct answer is B. The planning process failed to ensure all teams were notified.

Explanation: Sinkholing is a technique that redirects network traffic from a specific IP address or a range of IP addresses to a specific destination, and it is often used as a security measure to block malicious traffic. In this scenario, the SOC (Security Operations Center) used sinkholing on the penetration tester's IP address, which means that any traffic sent to the tester's IP address is redirected to another destination, effectively blocking the tester's access.

The fact that the penetration tester's traffic was blocked indicates a breakdown in communication and coordination between the teams involved in the penetration test. The SOC should have been informed about the testing activity and given a list of the IP addresses that would be used during testing, including the penetration tester's IP address. Had the SOC been properly notified, it would not have sinkholed the tester's IP address, and the tester would have been able to continue testing.

Therefore, the correct answer is B. The planning process failed to ensure all teams were notified.