CompTIA PenTest+ (PT0-002) — Question 64

Which of the following are the MOST important items for prioritizing fixes that should be included in the final report for a penetration test? (Choose two.)

Answer options

• A. The CVSS score of the finding
• B. The network location of the vulnerable device
• C. The vulnerability identifier
• D. The client acceptance form
• E. The name of the person who found the flaw
• F. The tool used to find the issue

Correct answer: A, C

Explanation

The CVSS score (A) is essential because it quantifies the severity of the vulnerability, helping to prioritize which issues to address first. The vulnerability identifier (C) is also crucial as it provides a unique reference to track and remediate the specific flaw. Options B, D, E, and F do not directly impact the prioritization of fixes in the same way, making them less critical.