A penetration tester keeps a running diary of the day-to-day engagement activity. Which of the following is the most likely explanation for keeping the diary?
B. To monitor lessons learned
A penetration testing diary helps track what worked, what didn't, and any unexpected behaviors. This can later be used in the Lessons Learned report.
To facilitate post engagement cleanup, the steps taken will be recorded more formally, to avoid any problems if the tester quits or leaves unexpectedly.
Its a toss up between A and B. I'm leaning towards B.
From the cert master
Taking Notes
Another important part of the penetration test that can aid you during reporting (and after) is note taking. For example, note taking can help you keep track of additional details that occurred during the activities that you do not want to miss mentioning in the report.
Alternatively, if after some time and other activities you are asked about this engagement in particular, you can refer back to your notes for any additional information that you may need.
It will be important to tailor your note taking depending on your needs and the client’s.
As this section is usually for internal use, it tends to be more flexible in regards to the needs of each penetration testing team, unlike the next section which is commonly tailored to a particular industry.
That is completely incorrect. There is a section in the certmaster for lessons learned. "An important part of any project is to identify any lessons learned during the project.
When you debrief within the penetration test team, you are likely to uncover things that did or did not work well. You can use this information to influence how you conduct future tests. The primary goal of drafting a lessons learned report (LLR) or after-action report (AAR) is to improve your PenTest processes and tools."
A. After a long period of testing, it is easy to forget your steps and miss something during cleanup. Lessons learned will completely rely on end results. Not notes you kept in a diary.
The testers diary shouldn't be where this is documented. Documenting steps taken would be more formal than a diary. Common sense would dictate that. What if the tester leaves, quits, terminated, or investigated later and all of the steps taken are in a diary.
The diary can assist in cleanup, but it is not primarily maintained for that purpose. The best explanation for keeping such a diary is "To monitor lessons learned", as it supports continuous improvement and tracking of methods throughout the engagement.
Lessons learned is a task conducted by the company receiving the pen-test. The pen tester will be doing this to keep track of what they've done, so they can clean up when required. Going with A
No. The penetration tester should also conduct a Lessons Learned post engagement. In explicitly mentioned in the certmaster. To be fair, the study guides and courses don't say one way or the other. Its mentioned for both A and B, but wording leans more B.
Correct answer is A.
Keeping a running diary of the day-to-day engagement activity helps the penetration tester track and document all actions, observations, and findings during the engagement. It provides a detailed record of all activities conducted, which helps in systematically cleaning up any changes made during the testing. This includes removing test data, reversing configuration changes, and ensuring that no residual access or impact remains.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kinny4000
2 months, 2 weeks agofecffa8
5 months, 1 week agoIamBlackFire
6 months, 1 week agofecffa8
5 months, 1 week agoAnnoyingIAGuy
6 months, 2 weeks agofecffa8
5 months, 1 week agouselessscript
7 months, 1 week agowdmssk
7 months, 1 week ago435189c
7 months, 1 week agofecffa8
5 months, 1 week agomat22
8 months, 2 weeks ago