PT0-002 Question #182: Real Exam Question with Answer & Explanation
The correct answer is B: Remediate the findings. After a penetration test report with high-rated findings is accepted, the immediate next step is to remediate those identified vulnerabilities. Remediation is crucial for addressing the weaknesses discovered and improving the organization's security posture.
Question
A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high. Which of the following should be the NEXT step?
Options
- A. Perform a new penetration test.
- B. Remediate the findings.
- C. Provide the list of common vulnerabilities and exposures.
- D. Broaden the scope of the penetration test.
Explanation
After a penetration test report with high-rated findings is accepted, the immediate next step is to remediate those identified vulnerabilities. Remediation is crucial for addressing the weaknesses discovered and improving the organization's security posture.
Common mistakes.
- A. Performing a new penetration test immediately is premature as the purpose of the first test was to identify weaknesses; the next step is to fix them before re-testing for verification.
- C. Providing a list of common vulnerabilities and exposures (CVEs) might be part of the report or remediation effort for context, but it is not the next action step itself; remediation is the direct action taken based on the findings.
- D. Broadening the scope of the penetration test is inappropriate at this stage, as the current high-rated findings need to be addressed and verified within the existing scope before considering any expansion.
Concept tested. Penetration testing lifecycle - post-reporting
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf