After delivering a comprehensive penetration test report to your client, which of the following steps should you take to ensure proper client acceptance of the engagement?
Wait for the client to implement the recommended remediations before assuming acceptance of the report.
Send an email to the client confirming that the report has been delivered and consider the project accepted.
Obtain a formal sign-off from the client, indicating acceptance of the findings and recommendations.
Make any revisions to the report that the client requests and assume acceptance is implied.
Having the client sign a document that formally states they have received and understood the report is a key step to ensure client acceptance of a penetration test engagement. It confirms that the client acknowledges the outcomes and is an essential part of the closure process. Report delivery alone does not guarantee acceptance, and an email confirmation is not formal enough to serve as acceptance. Making revisions based on client feedback is part of the overall process but does not equate to formal acceptance.