Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
C. Attestation of findings and delivery of the report
Answer is "Attestation". I had this on my exam today and "Client Acceptance" wasn't even an option. It was replaced with "Demonstrate Findings to co-workers" or something similar to that!
A. Acceptance goes first.
Attestation is after Acceptance has been signed.
From the official CompTIA study guide (Follow-Up Actions):
- Gaining The Client's Acceptance
- Confirming The Findings (Attestation)
- Planning The Retest
- Reviewing Lessons Learned
**C. Attestation of findings and delivery of the report**
After concluding penetration-testing activities and reviewing initial findings with the client, the next step is to formally attest to the findings and deliver the final report. This ensures that the client has a comprehensive and official document detailing the vulnerabilities identified, the methods used, and the recommendations for remediation. The client can then proceed to acceptance, follow-up actions, and review of lessons learned.
I vote A because client acceptance of the report dictates whether you have completed the scope of the engagement, otherwise testing continues.
B. Retesting occurs after the remediation activities, which is after A, C, and D.
C. Attestation document is required for compliance requirements, typically provided by the penetration testing team saying that this activity actually happened.
D. Lessons learned is for penetration testers' improvement.
Answer A
From the Pentest Sybex book (Pg421)
Wrapping up the engagement:
- Post-Engagement cleanup
- Client acceptance
- Lessons learned
- Follow-up actions/retesting
- Attestation of Findings
- Retention and Destruction of data
After the conclusion of penetration-testing activities and the initial review of findings with the client, the next logical step is typically to formalize those findings into a detailed report. This report will include the methods used, vulnerabilities discovered, risks assessed, and recommendations for remediation.
So the correct answer from the given options is:
C. Attestation of findings and delivery of the report
This step involves finalizing the findings, attesting to their accuracy, and delivering the comprehensive report to the client. It's a crucial step in ensuring that the client understands the vulnerabilities that were discovered and can take appropriate measures to address them. The other options may occur later in the process or in different contexts.
After the initial findings have been reviewed with the client, the penetration-testing engagement enters the final phase of attestation and report delivery. This step involves documenting and formalizing the findings, conclusions, and recommendations into a comprehensive report.
The attestation of findings involves ensuring the accuracy and integrity of the report. The penetration-testing team may undergo an internal review process to verify that all relevant information has been captured and the report reflects the results of the engagement accurately.
Once the report is finalized and attested, it is delivered to the client. The report delivery can be accompanied by a presentation or meeting to discuss the findings in detail and answer any questions or concerns the client may have.
The correct answer to the question is option C: Attestation of findings and delivery of the report. Once the report has been delivered to the client, they can review it and make an informed decision on the next steps, which may involve accepting and signing off on the report, scheduling follow-up actions and retesting, or reviewing the lessons learned during the engagement.
B. Scheduling of follow-up actions and retesting is the next step in the engagement. After the initial findings have been reviewed with the client, it is important to discuss and agree on a plan for addressing any vulnerabilities or weaknesses that were identified. This plan should include follow-up actions to mitigate the risks, such as remediation or patching of vulnerabilities, as well as retesting to ensure that the actions taken are effective. Only after these steps are completed can the engagement be considered complete, and the final report can be delivered for acceptance by the client and sign-off.
This involves presenting the final report of the penetration-testing activities to the client, attesting to the accuracy and completeness of the findings, and delivering the report. The client can then use the report to address any vulnerabilities or weaknesses identified during the penetration-testing activities.
Once the client has reviewed the initial findings, the attestation of findings can be completed and documented, and the final report can be delivered to the client for acceptance and sign-off.
Community vote distribution: A (35%), C (25%), B (20%), Other