CompTIA PenTest+ (PT0-002) — Question 292

Which of the following components should a penetration tester most likely include in a report at the end of an assessment?

Answer options

• A. Metrics and measures
• B. Client interviews
• C. Compliance information
• D. Business policies

Correct answer: A

Explanation

Metrics and measures provide quantifiable data that reflects the effectiveness of the security assessment, making it essential for the report. While client interviews, compliance information, and business policies may be relevant, they do not directly contribute to the assessment's quantitative evaluation like metrics do.