A team performed assessments over brief periods on several systems without running advanced exploits in production. Which approach belongs in the final deliverable to ensure stakeholders are aware of these significant constraints?
Emphasize risk scores for each issue found, avoiding any reference to the timing or scope restrictions
Show detailed attack paths and discovered weaknesses, while leaving mentions of partial coverage out of the final documentation
Describe limiting factors, outline how they impacted findings, and explain that systems left unassessed contain unidentified issues
Concentrate on the new vulnerabilities found and recommend reviewing them again whenever constraints change
It is important to highlight any factors that limited thoroughness, such as reduced testing windows or partial access to systems. Acknowledging these constraints clarifies coverage gaps and underscores ongoing risks. If these limitations are not explained, decision-makers may interpret the reported findings as comprehensive, which can lead to an inaccurate understanding of the organization's exposure.