When compiling a status report in the context of an ongoing penetration testing engagement, which of the following elements is most appropriate to include?
An attestation of findings similar to the final report
Comprehensive debrief on the tester's tactics and tools
Detailed remediation steps for all discovered vulnerabilities
Progress against planned milestones
Final analysis of the business impact for each finding
The correct answer is 'Progress against planned milestones', as status reports are meant to convey the advancement of the testing process relative to the original plan. These reports should focus on current progress, and while they may highlight critical findings, a full risk rating is typically reserved for the final report. The report should not contain a full debrief or final remediation steps, as the testing is still in motion and these elements are premature at this stage.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are planned milestones in penetration testing?
Open an interactive chat with Bash
Why is a full risk rating not included in a status report?
Open an interactive chat with Bash
What should be included in a final penetration testing report?