Gotta prioritise vulnerabilities based on the companies goals (i.e. making money - critical devices like webservers that host shops or databases with customer info / inventing things - research data must be protected above webservers). This would be discussed during the initial meeting, defining what is 'critical' or 'severe' depends on the business missions and goats.
you have to remember you are not the CEO of the company but the security tester.
it doesn't make sense for a tester (not to mention a 3rd party tester) to consider business goals.
Aligning security findings with the organization's business mission and goals ensures that vulnerabilities posing the greatest risk to critical operations are addressed first. This approach considers the potential impact of each vulnerability on the organization's objectives, enabling informed decision-making.
Penetration testing is all about identifying vulnerabilities. So D, prioritising by cyber threats makes sense to me.
upvoted 4 times
...
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
study_study
3 weeks, 6 days agokinny4000
2 months, 2 weeks agohitagitore
3 months agoVslaugh
3 months, 1 week agoAlex818119
3 months, 2 weeks agoPTA
4 months, 4 weeks agofecffa8
5 months, 1 week agofecffa8
5 months, 1 week agomamoru
6 months, 1 week agob1484e5
7 months, 1 week agoTa2oo
7 months, 1 week ago