CompTIA PenTest+ (PT0-002) — Question 158

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?

Answer options

• A. Redact identifying information and provide a previous customer's documentation.
• B. Allow the client to only view the information while in secure spaces.
• C. Determine which reports are no longer under a period of confidentiality.
• D. Provide raw output from penetration testing tools.

Correct answer: C

Explanation

The correct answer is C because it allows the penetration testers to share information that is no longer confidential, maintaining trust and compliance. Option A is not ideal as it may still breach confidentiality agreements. Option B restricts access too much, and option D may expose sensitive data that is not suitable for external sharing.