
GPEN Question #394: Real Exam Question with Answer & Explanation

The correct answer is C. Executive Summary.

Question

What section of the penetration test or ethical hacking engagement final report is used to detail and prioritize the results of your testing?

Options

  • A. Methodology
  • B. Conclusions
  • C. Executive Summary
  • D. Findings

Explanation

The Executive Summary section of a pentest report synthesizes and prioritizes testing results for business leadership and decision-makers in a risk-focused, actionable format.

Common mistakes.

  • A. The Methodology section describes the scope, approach, and tools used during testing - documenting how the assessment was conducted rather than what was found.
  • B. The Conclusions section offers a general wrap-up and may suggest future actions but does not systematically detail or rank individual vulnerabilities by severity.
  • D. The Findings section provides granular technical details about individual vulnerabilities for remediation teams, oriented toward technical staff rather than presenting a prioritized synthesis for business decision-makers.

Concept tested. Penetration test final report section structure

Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final
