Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 4 Discussion
communications. During which of the following activities should the penetration tester discuss this
issue with the client?
Maybe D fits best here since the WAF issue impacts multiple stakeholders, not just the tester or one team. Getting everyone on the same page can help decide the next steps properly.
I’m thinking client acceptance (C) might be important here since that’s when you confirm the test scope and any known blockers like a WAF. Shouldn't this be cleared before testing starts?
D The WAF blocking might affect multiple teams or project aspects, so aligning stakeholders early can prevent bigger issues down the line instead of just tweaking goals alone.
A/D? I’m thinking you’d want to sort this out as soon as the issue comes up, which feels like goal reprioritization (A). But maybe stakeholder alignment (D) too, since the WAF blocking could affect more than just goals—it impacts who needs to be involved in decisions or adjustments. Definitely not peer review or client acceptance since those are earlier or unrelated steps. The WAF issue is a blocker that requires quick discussion and possibly changing scope or rules of engagement.
Probably A, since adjusting goals fits when blockers like the WAF pop up mid-test.
A. It’s best to flag issues like WAF blocking during goal reprioritization since you might need to adjust the testing scope or methods based on what’s actually possible.
Maybe A, since reprioritizing goals fits when blockers come up during testing.
I think it makes sense to bring this up during C, client acceptance. That’s when you talk through the scope and limitations with the client upfront. If a WAF is blocking scans, it’s a big deal that could alter what’s possible, so flagging it early helps avoid surprises later. Wouldn't waiting for alignment or reprioritization be too late since the scan is already blocked?
D, because stakeholders need to know blockers early for alignment.
A