A penetration tester needs to provide the code used to exploit a DNS server in the final report. In which of the following parts of the report should the penetration tester place the code?
B.
Findings and Remediation
Findings are the evidence of impact that were identified during testing. These describe
the results of testing. Sometimes, this is separated into a technical report. But findings
and remediation describe the results of testing in depth. In general, findings should
include at least the following details:
• A unique finding label
• A rating of relative severity
• Evidence to demonstrate the impact/success of exploitation (often screenshots)
• Command lines or details to replicate the finding (may include sample scripts)
• Affected assets (e.g., where is it found)
• Recommendations for remediation or mitigation
• A description
Answer is B.
Remediation and Findings section is where you include detailed information and screenshots to include the steps you took to exploit a vulnerability.
Agree to disagree. Nowhere in the remediation should you include code, unless the code you are including does precisely that: remediate.
In this case they are asking for the code of the exploit used. The technical summary != the executive summary, which looks to just put everything in a nutshell; the technical summary would be the perfect place to put all your artillery and show everything you did.
I know you guys know your sh't but for this one I'll trust my backbone.
A. Executive summary -- high level for CEO or non personal people can understand
B. Remediation -- Steps to fix vulnerability
C. Conclusion -- Conclusion or all findings
D. Technical summary -- Steps to exploit for technical people to know how to replicate.
I will choose D; that is the part of the report where you put code.
Remediation (& Findings)
According to the CompTIA Pentest Study Guide, this section describes the security issues that you discovered during the penetration test and offers suggestions on how the organization might remediate those issues to reduce their level of cybersecurity risk.
Carlo, what are you talking about? If this was on the exam and you chose B, then those were lost points. Where in the world would you put the code of your exploit as remediation?
Executive summary? No way, executives have no clue. Technical summary? Ding ding ding... Technical; The people reviewing this do know about code and will be able to extract useful info from the code.
B. CompTIA PenTest has four sections in relation to providing a report, and I have no idea where you get the technical summary part from?
Executive summary
Findings and remediations
Methodology
Conclusion
What about D? So A is not where you put code. B & C don't really fit.