Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
After penetration-testing activities are concluded and the initial findings have been reviewed with the client, it is essential to deliver a comprehensive and official document that details the vulnerabilities identified, the methods used, and the recommendations for remediation. This step is crucial to ensure that the client has a thorough understanding of the outcomes and can take appropriate measures to address any issues identified. Thus, the next step in the engagement is the attestation of findings and delivery of the report.
Answer is "Attestation". I had this on my exam today and "Client Acceptance" wasn't even an option. It was replaced with "Demonstrate Findings to co-workers" or something similar to that!
thanks king
Attestation comes before client acceptance
Answer A. From the Pentest Sybex book (Pg421), Wrapping up the engagement: Post-Engagement cleanup; Client acceptance; Lessons learned; Follow-up actions/retesting; Attestation of Findings; Retention and Destruction of data.
It's C because it's ChatGPT
ChatGPT gave me "B". Odd.
The correct answer to the question is option C: Attestation of findings and delivery of the report. Once the report has been delivered to the client, they can review it and make an informed decision on the next steps, which may involve accepting and signing off on the report, scheduling follow-up actions and retesting, or reviewing the lessons learned during the engagement.
Client Acceptance comes next. You may not even have to provide an attestation. It depends on the reason for the pen-test. If you're just doing one to do it, and it has nothing to do with compliance (etc.), then you may not have to provide attestation. - Jason Dion objective 4.2
**C. Attestation of findings and delivery of the report** After concluding penetration-testing activities and reviewing initial findings with the client, the next step is to formally attest to the findings and deliver the final report. This ensures that the client has a comprehensive and official document detailing the vulnerabilities identified, the methods used, and the recommendations for remediation. The client can then proceed to acceptance, follow-up actions, and review of lessons learned.
I vote A because client acceptance of the report dictates whether you have completed the scope of the engagement, otherwise testing continues. B. Retesting occurs after the remediation activities, which is after A, C, and D. C. Attestation document is required for compliance requirements, typically provided by the penetration testing team saying that this activity actually happened. D. Lessons learned is for penetration testers' improvement.
It's C
I think A, we first sign off the report, then deliver it.
After the conclusion of penetration-testing activities and the initial review of findings with the client, the next logical step is typically to formalize those findings into a detailed report. This report will include the methods used, vulnerabilities discovered, risks assessed, and recommendations for remediation. So the correct answer from the given options is: C. Attestation of findings and delivery of the report. This step involves finalizing the findings, attesting to their accuracy, and delivering the comprehensive report to the client. It's a crucial step in ensuring that the client understands the vulnerabilities that were discovered and can take appropriate measures to address them. The other options may occur later in the process or in different contexts.
After the initial findings have been reviewed with the client, the penetration-testing engagement enters the final phase of attestation and report delivery. This step involves documenting and formalizing the findings, conclusions, and recommendations into a comprehensive report. The attestation of findings involves ensuring the accuracy and integrity of the report. The penetration-testing team may undergo an internal review process to verify that all relevant information has been captured and the report reflects the results of the engagement accurately. Once the report is finalized and attested, it is delivered to the client. The report delivery can be accompanied by a presentation or meeting to discuss the findings in detail and answer any questions or concerns the client may have.
B. Scheduling of follow-up actions and retesting is the next step in the engagement. After the initial findings have been reviewed with the client, it is important to discuss and agree on a plan for addressing any vulnerabilities or weaknesses that were identified. This plan should include follow-up actions to mitigate the risks, such as remediation or patching of vulnerabilities, as well as retesting to ensure that the actions taken are effective. Only after these steps are completed can the engagement be considered complete, and the final report can be delivered for acceptance by the client and sign-off.
I think this is A. I think the question itself is describing C
This involves presenting the final report of the penetration-testing activities to the client, attesting to the accuracy and completeness of the findings, and delivering the report. The client can then use the report to address any vulnerabilities or weaknesses identified during the penetration-testing activities.
p. 394 in Pearson's cert guide.....it's A... acceptance
Acceptance by the client and sign-off on the final report may occur after the attestation of findings and delivery of the report.
Once the client has reviewed the initial findings, the attestation of findings can be completed and documented, and the final report can be delivered to the client for acceptance and sign-off.
b option
Answer is A, check the book
A is correct