🔥 3-day streak
CompTIA SecurityX (CAS-005)69 / 120
Question 69 of 120

A financial services firm hires an external red team to conduct a penetration test against its customer-facing web application. Midway through the engagement, the testers discover that the application shares a database backend with an internal HR system that was explicitly excluded from the signed scope. The testers realize they could pivot to the HR data through a SQL injection flaw. What is the MOST appropriate action for the red team to take?

Reviewed for accuracy · Report an issueNext question