Which statement best describes exploitation phase risks?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which statement best describes exploitation phase risks?

Explanation:
During exploitation, you actively leverage vulnerabilities to gain access, and that process can disrupt or compromise systems. The best description of exploitation phase risks acknowledges multiple real dangers: triggering service or system crashes that destabilize or take services offline, exposing data during testing which can have legal and regulatory consequences, and the possibility of unintentionally accessing the wrong target if the scope isn’t clearly defined. This broad view fits because exploitation isn’t about a single risk; it’s about the potential impact on availability, confidentiality, and compliance.

Saying the only risk is data exfiltration is too narrow, since systems can crash or become unstable and legal/privacy issues can arise from any exposed data. Claiming there’s no risk to the system is incorrect, as exploitation can directly affect availability and integrity. And asserting that exploitation guarantees system availability is simply false—exploitation often introduces the opposite risk, including downtime.
