The correct answer is B. Securely destroy or remove all engagement-related data from testing systems.
At the end of a penetration test, the tester must protect client confidentiality by securely handling all artifacts generated during the engagement. These artifacts may include screenshots, scan results, exploit output, credentials, hashes, reports, packet captures, copied files, logs, notes, and any other client-related evidence.
Securely destroying or removing engagement-related data from the tester’s systems is the best procedure for maintaining client data privacy because it reduces the risk of unauthorized disclosure after the engagement is complete. In practice this happens once the report has been delivered and any retention period agreed in the engagement contract has elapsed, and it should cover every copy: working directories, backups, shared drives, and the artifact lists in tool output directories.
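As an added example (not part of the original explanation), the routine below sketches what that disposal step can look like on a tester's workstation: it records a manifest of what is being destroyed (path, size and SHA-256, so the record of the evidence survives without the evidence itself), overwrites each file before unlinking it, then removes the engagement directory. The directory layout and manifest location are assumptions for the example; it expects a POSIX shell with GNU or BSD coreutils and uses `shred` where available.

```shell
#!/bin/sh
# Added example: minimal end-of-engagement data disposal (not from the page).
# Assumes coreutils; engagement directory and manifest path are hypothetical.
set -e

# Record every regular file under the engagement directory as
# "<sha256> <bytes> <path>" so what was destroyed is auditable later.
# The manifest must live OUTSIDE the directory being destroyed.
write_manifest() {
    dir="$1"; out="$2"
    : > "$out"
    find "$dir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        if command -v sha256sum >/dev/null 2>&1; then
            h=$(sha256sum "$f" | cut -d' ' -f1)
        else
            h=$(shasum -a 256 "$f" | cut -d' ' -f1)   # macOS/BSD fallback
        fi
        printf '%s %s %s\n' "$h" "$(wc -c < "$f" | tr -d ' ')" "$f" >> "$out"
    done
}

# Overwrite one file in place, then unlink it. Uses shred when present
# (one random pass plus a final zero pass), otherwise a single pass of
# zeros via dd of exactly the file's original length.
overwrite_file() {
    f="$1"
    if command -v shred >/dev/null 2>&1; then
        shred -u -n 1 -z -- "$f"
    else
        size=$(wc -c < "$f" | tr -d ' ')
        dd if=/dev/zero of="$f" bs=1 count="$size" conv=notrunc 2>/dev/null
        rm -f -- "$f"
    fi
}

# Manifest first, then overwrite every file, then remove the tree.
# Returns non-zero if the directory does not exist or still exists afterwards.
destroy_engagement_data() {
    dir="$1"; manifest="$2"
    [ -d "$dir" ] || return 1
    write_manifest "$dir" "$manifest"
    find "$dir" -type f -print | while IFS= read -r f; do
        overwrite_file "$f"
    done
    rm -rf -- "$dir"
    [ ! -e "$dir" ]
}
```

Two caveats a practitioner should keep in mind: in-place overwriting only reliably destroys data on filesystems that rewrite blocks in place, so on SSDs, copy-on-write or journaling filesystems, and cloud storage the dependable approach is to keep engagement data on an encrypted volume and destroy the key; and the manifest itself contains file names and hashes, so store it with the same care as the report.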
A is incorrect because removing configuration changes and deployed tools is part of cleanup on client systems, but it does not fully address client data privacy on the tester’s own systems.
C is incorrect because searching configuration files for credentials is too narrow. Client-sensitive data can exist in many places, not only in configuration files.
D is incorrect because shutting down command-and-control or attacker infrastructure is part of post-engagement cleanup, but it does not directly ensure that client data collected during the test is securely removed.
In PenTest+ terms, this aligns with Reporting and Communication, especially post-engagement activities, evidence handling, data retention, secure disposal, and maintaining client confidentiality.