Crucial Exams

CompTIA PenTest+ PT0-002 Practice Question

As a penetration tester, you have uncovered several security flaws within your client's network infrastructure. In order to systematically convey the severity of each finding in your report, you must adhere to an industry-standard risk rating framework. Which of the following would best allow for a consistent and quantitative expression of vulnerability severity that can be understood by both technical and non-technical stakeholders?

  • Employing the Common Vulnerability Scoring System (CVSS) to apply a numerical and qualitative severity level to each vulnerability

  • Calculating severity based on the average cost of incidents associated with similar vulnerabilities in the past year

  • Relying on the Common Weakness Scoring System (CWSS) to measure the risk level of each weakness without factoring in environmental metrics

  • Developing an algorithmic risk matrix that combines asset value, threat capability, and vulnerability severity tailored to the client

CompTIA PenTest+ PT0-002
Reporting and Communication
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $49
CompTIA PenTest+ Voucher (PT0-002)
$404.00 $355.00
Bash, the Crucial Exams Chat Bot
AI Bot