CompTIA PenTest+ (PT0-002) — Question 278

An organization’s Chief Information Security Officer debates the validity of a critical finding from a penetration assessment that was completed six months ago. Which of the following post-report delivery activities would have most likely prevented this scenario?

Answer options

• A. Client acceptance
• B. Data destruction process
• C. Attestation of findings
• D. Lessons learned

Correct answer: A

Explanation

Client acceptance involves the stakeholders formally agreeing to the findings of the penetration assessment, which helps ensure that all parties acknowledge and understand the implications of the results. If this step had been completed thoroughly, it could have mitigated any doubts about the validity of the findings. The other options, while important, do not directly address the acceptance and acknowledgment of the assessment's results.