Question
a.
The client must retain a copy of the report indefinitely.
b.
The penetration testers must retain the report indefinitely.
c.
The report should be securely deleted after a sufficient time to answer client questions.
d.
The report should be publicly available for a specific duration.
Posted under CompTIA PenTest+ Certification Exam PT0 002
Engage with the Community - Add Your Comment
Confused About the Answer? Ask for Details Here.
Know the Explanation? Add it Here.
Q. What should be specified in the penetration testing agreement regarding the storage time of the report?
Similar Questions
Discover Related MCQs
Q. What is an essential post-report delivery activity for penetration testers before closing out a project?
View solution
Q. What is a basic principle that penetration testers should follow during post-engagement cleanup?
View solution
Q. What are three important post-engagement cleanup activities highlighted by CompTIA?
View solution
Q. What is the purpose of obtaining formal client acceptance in a penetration testing engagement?
View solution
Q. What is the purpose of the lessons learned session in a penetration testing engagement?
View solution
Q. Why is it often helpful to have a third party moderate the lessons learned session in a penetration testing engagement?
View solution
Q. What might be included in follow-up actions after a penetration testing engagement?
View solution
Q. When might a formal attestation of findings be requested in a penetration testing engagement?
View solution
Q. What does the level of detail in a formal attestation of findings depend on?
View solution
Q. What should testers observe regarding data retention and destruction at the conclusion of a penetration testing engagement?
View solution
Q. What type of report is the client requesting when they ask for a letter documenting the penetration test results for compliance files?
View solution
Q. Wendy is reviewing the results of a penetration test and learns that her organization uses the same local administrator password on all systems. Which one of the following tools can help her resolve this issue?
View solution
Q. Which one of the following is not a normal communication trigger for a penetration test?
View solution
Q. Gary ran an Nmap scan of a system and discovered that it is listening on port 22 despite the fact that it should not be accepting SSH connections. What finding should he report?
View solution
Q. Tom’s organization currently uses password-based authentication and would like to move to multifactor authentication. Which one of the following is an acceptable second factor?
View solution
Q. Which one of the following items is not appropriate for the executive summary of a penetration testing report?
View solution
Q. Which one of the following activities is not commonly performed during the post-engagement cleanup phase?
View solution
Q. Who is the most effective person to facilitate a lessons learned session after a penetration test?
View solution
Q. Which one of the following is not an example of an operational control that might be implemented to remediate an issue discovered during a penetration test?
View solution
Q. Which one of the following techniques is not an appropriate remediation activity for a SQL injection vulnerability?
View solution
Suggested Topics
Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.
Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!
