PT0-002 · Question #369
PT0-002 Question #369: Real Exam Question with Answer & Explanation
The correct answer is C: Attestation of findings and delivery of the report.
Question
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
Options
- A. Performing a live demonstration of the results to the system administrators
- B. Scheduling of follow-up actions and retesting
- C. Attestation of findings and delivery of the report
- D. Review of the lessons during the engagement
Explanation
After initial findings are reviewed, the formal documentation of all discoveries, risk assessments, and recommendations is compiled into the final report, which is then formally delivered to the client. This report attests to the findings and serves as the official record of the engagement.
Common mistakes.
- A. A live demonstration might occur as part of initial findings review or final presentation, but it's not the next formal step after initial review; the report is the primary deliverable.
- B. Scheduling follow-up actions and retesting typically occurs after the final report has been delivered and the client has had time to implement remediations, not immediately after initial findings review.
- D. A review of lessons learned during the engagement (a post-mortem) is usually conducted internally by the penetration testing team or with the client much later, often after remediation and retesting, not as the immediate next step after initial findings review.
Concept tested. Penetration test engagement lifecycle - Post-testing phases