Responsible Disclosure — CompTIA PenTest+ (PT0-002) Practice Questions
Responsible disclosure is the process by which a researcher or tester who discovers a vulnerability communicates that finding to the affected vendor or organization in a structured way that allows time for remediation before any public release of details. PT0-002 addresses responsible disclosure in the context of both internal findings reported to clients and situations where testers discover vulnerabilities in third-party software or services outside the original scope. Candidates must understand the ethical and contractual obligations that govern how sensitive findings are handled and when escalation is required.
Free questions on responsible disclosure
An organization has contracted a penetration tester to assess their web application. The tester discovers an unpatched SQL injection vulnerability in the login form. What should the tester do FIRST?
What is the primary benefit of responsible disclosure?
More responsible disclosure questions in the full bank
- You identify a critical vulnerability but are running out of test time. What action is correct?
- What should you do if you discover a critical vulnerability outside the defined scope during testing?
- What should be done with a penetration test report after completion?