adplus-dvertising

Welcome to the Reporting and Communication MCQs Page

Dive deep into the fascinating world of Reporting and Communication with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Reporting and Communication, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Reporting and Communication, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

frame-decoration

Check out the MCQs below to embark on an enriching journey through Reporting and Communication. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Reporting and Communication. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Reporting and Communication MCQs | Page 6 of 7

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Q51.
Why is it often helpful to have a third party moderate the lessons learned session in a penetration testing engagement?

a.

To provide technical insights

b.

To disclose sensitive information

c.

To approach the results objectively without attachment to the work

d.

To influence the findings in favor of the client

Discuss
Answer: (c).To approach the results objectively without attachment to the work Explanation:Having a third party moderate the lessons learned session is helpful to approach the results objectively without attachment to the work and draw out details that might be obvious to the team but helpful to an outside reader.
Q52.
What might be included in follow-up actions after a penetration testing engagement?

a.

Conducting the same tests with the same tools

b.

Quick retests at no charge

c.

Retesting resources with vulnerabilities to verify remediation

d.

All of the above

Discuss
Answer: (d).All of the above Explanation:Follow-up actions may include conducting different tests, quick retests at no charge if within the original scope, and retesting resources with vulnerabilities to verify remediation.
Q53.
When might a formal attestation of findings be requested in a penetration testing engagement?

a.

As part of the lessons learned session

b.

When the client requests additional tests

c.

When the test is conducted for regulatory or contractual commitments

d.

When there are no vulnerabilities found

Discuss
Answer: (c).When the test is conducted for regulatory or contractual commitments Explanation:A formal attestation of findings might be requested when the test is conducted for regulatory or contractual commitments.
Q54.
What does the level of detail in a formal attestation of findings depend on?

a.

The number of team members involved

b.

The purpose of the request

c.

The duration of the penetration test

d.

The client's technical knowledge

Discuss
Answer: (b).The purpose of the request Explanation:The level of detail in a formal attestation of findings depends on the purpose of the request.
Q55.
What should testers observe regarding data retention and destruction at the conclusion of a penetration testing engagement?

a.

Preserve all data for future use

b.

Retain any data without client confirmation

c.

Carefully observe the requirements stated in the statement of work

d.

Securely destroy all data after a long retention period

Discuss
Answer: (c).Carefully observe the requirements stated in the statement of work Explanation:Testers should carefully observe the requirements stated in the statement of work regarding data retention and destruction.
Q56.
What type of report is the client requesting when they ask for a letter documenting the penetration test results for compliance files?

a.

Executive summary

b.

Penetration testing report

c.

Written testimony

d.

Attestation of findings

Discuss
Answer: (d).Attestation of findings Explanation:An attestation of findings is a certification provided by the penetration testers to document that they conducted a test and the results for compliance purposes.
Q57.
Wendy is reviewing the results of a penetration test and learns that her organization uses the same local administrator password on all systems. Which one of the following tools can help her resolve this issue?

a.

LAPS

b.

Nmap

c.

Nessus

d.

Metasploit

Discuss
Answer: (a).LAPS Explanation:The Local Administrator Password Solution (LAPS) from Microsoft provides a method for randomizing local administrator account credentials through integration with Active Directory.
Q58.
Which one of the following is not a normal communication trigger for a penetration test?

a.

Discovery of a critical finding

b.

Completion of a testing stage

c.

Documentation of a new test

d.

Identification of prior compromise

Discuss
Answer: (c).Documentation of a new test Explanation:The three common triggers for communication during a penetration test are the completion of a testing stage, the discovery of a critical finding, and the identification of indicators of prior compromise.
Q59.
Gary ran an Nmap scan of a system and discovered that it is listening on port 22 despite the fact that it should not be accepting SSH connections. What finding should he report?

a.

Shared local administrator credentials

b.

Unnecessary open services

c.

SQL injection vulnerability

d.

No multifactor authentication

Discuss
Answer: (b).Unnecessary open services Explanation:The only conclusion that Gary can draw from this information is that the server is offering unnecessary services because it is listening for SSH connections when it should not be supporting that service.
Q60.
Tom’s organization currently uses password-based authentication and would like to move to multifactor authentication. Which one of the following is an acceptable second factor?

a.

Security question

b.

PIN

c.

Smartphone app

d.

Passphrase

Discuss
Answer: (c).Smartphone app Explanation:Passphrases, security questions, and PINs are all examples of knowledge-based authentication and would not provide multifactor authentication when paired with a password. Smartphone apps are an example of "something you have" and are an acceptable alternative.
Page 6 of 7

Suggested Topics

Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.

Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!

Digital Communication

Master the basics of electronic communication with our Digital Communication MCQs....

C# programming

Hone your skills in the C# language with our MCQs. Understand data types, operators,...

Wireless and Mobile Communications

Get to grips with modern communication technologies with our Wireless and Mobile...

Systems Programming

Decode low-level programming with our Systems Programming MCQs. These questions delve...

Computer Architecture

Unveil the science behind computer design with our Computer Architecture MCQs. Topics...

Cryptography and Network Security

Secure your knowledge of information security with our Cryptography and Network...

HTML

Start your journey in web development with our HTML MCQs. Learn the building blocks...

DBMS

Get a firm grasp on database systems with our DBMS MCQs. Explore relational...

Object Oriented Programming Using C++

Enhance your programming skills with our MCQs on Object Oriented Programming using...