nerdexam
(ISC)2

CISSP · Question #646

Following a penetration test, what should an organization do FIRST?

The correct answer is D. Evaluate the problems identified in the test result.. After a penetration test, the first thing an organization should do is evaluate the problems identified in the test result. This evaluation helps prioritize the vulnerabilities and weaknesses uncovered during the test based on their severity and potential impact on the organizati

Submitted by parkjh· Mar 5, 2026Security Assessment and Testing

Question

Following a penetration test, what should an organization do FIRST?

Options

  • AReview all security policies and procedures.
  • BEnsure staff is trained in security.
  • CDetermine if you need to conduct a full security assessment.
  • DEvaluate the problems identified in the test result.

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    13% (4)
  • D
    78% (25)

Explanation

After a penetration test, the first thing an organization should do is evaluate the problems identified in the test result. This evaluation helps prioritize the vulnerabilities and weaknesses uncovered during the test based on their severity and potential impact on the organization. By analyzing the results, the organization can take informed steps to address the most critical issues first, and plan remediation actions effectively.

Topics

#penetration testing#post-test procedures#vulnerability management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice