CompTIA

PT0-001 · Question #33

PT0-001 Question #33: Real Exam Question with Answer & Explanation

The correct answer is B: Executive summary. The overall level of risk to operations is a high-level business concern that belongs in the executive summary, where non-technical stakeholders can understand and act on it.

Engagement management

Question

A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?

Options

  • A. Appendices
  • B. Executive summary
  • C. Technical summary
  • D. Main body

Explanation

The overall level of risk to operations is a high-level business concern that belongs in the executive summary, where non-technical stakeholders can understand and act on it.

Common mistakes.

  • A. Appendices contain supplementary material such as raw tool output, evidence screenshots, and supporting data - not high-level operational risk narrative.
  • C. The technical summary addresses findings at a technical level for IT staff and security teams, not the overarching business risk statement intended for leadership.
  • D. The main body contains detailed technical findings, methodology, and exploitation steps, which is too granular a section for communicating overall risk to operations.

Concept tested. Penetration test report structure - executive summary placement

Reference. http://www.pentest-standard.org/index.php/Reporting

Topics

#penetration test report, #executive summary, #risk reporting, #report structure
