GPEN Question #403: Real Exam Question with Answer & Explanation

The correct answer is D. Executive Summary. The Executive Summary section of a penetration test report is where business impact is communicated in non-technical language to management and executives.

Question

The resulting business impact of the penetration test or ethical hacking engagement is explained in what section of the final report?

Options

  • A. Problems
  • B. Findings
  • C. Impact Assessment
  • D. Executive Summary

Explanation

The Executive Summary section of a penetration test report is where business impact is communicated in non-technical language to management and executives.

Common mistakes.

  • A. The Problems section enumerates specific technical issues discovered during testing and does not translate those issues into business-level consequences.
  • B. The Findings section provides detailed technical descriptions of vulnerabilities, proof-of-concept steps, and affected systems - not a business impact analysis.
  • C. Impact Assessment is not a standard standalone section in widely accepted penetration testing report frameworks; business impact is formally addressed in the Executive Summary.

Concept tested. Penetration test report structure - executive summary purpose

Reference. https://www.pentest-standard.org/index.php/Reporting
