CompTIA PenTest+ (PT0-002) — Question 412
Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?
Answer options
- A. Executive summary
- B. Vulnerability severity rating
- C. Recommendations of mitigation
- D. Methodology
Correct answer: B
Explanation
The correct answer is B, as the vulnerability severity rating provides a systematic way to assess and communicate the risk levels of vulnerabilities found. Options A, C, and D serve different purposes: the executive summary gives an overview, recommendations provide solutions, and the methodology outlines the testing process, but none of them focuses specifically on vulnerability assessment.