Gotta prioritise vulnerabilities based on the companies goals (i.e. making money - critical devices like webservers that host shops or databases with customer info / inventing things - research data must be protected above webservers). This would be discussed during the initial meeting, defining what is 'critical' or 'severe' depends on the business missions and goats.
you have to remember you are not the CEO of the company but the security tester.
it doesn't make sense for a tester (not to mention a 3rd party tester) to consider business goals.
Aligning security findings with the organization's business mission and goals ensures that vulnerabilities posing the greatest risk to critical operations are addressed first. This approach considers the potential impact of each vulnerability on the organization's objectives, enabling informed decision-making.
Penetration testing is all about identifying vulnerabilities. So D, prioritising by cyber threats makes sense to me.
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
study_study
5 days, 4 hours agokinny4000
1 month, 3 weeks agohitagitore
2 months, 1 week agoVslaugh
2 months, 2 weeks agoAlex818119
2 months, 3 weeks agoPTA
4 months, 1 week agofecffa8
4 months, 3 weeks agofecffa8
4 months, 3 weeks agomamoru
5 months, 2 weeks agob1484e5
6 months, 3 weeks agoTa2oo
6 months, 3 weeks ago