CompTIA PenTest+ (PT1-002) — Question 42

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

Answer options

• A. A quick description of the vulnerability and a high-level control to fix it
• B. Information regarding the business impact if compromised
• C. The executive summary and information regarding the testing company
• D. The rules of engagement from the assessment

Correct answer: A

Explanation

Option A is correct because it focuses on providing a concise description of the vulnerability along with a high-level fix, which is crucial for technical staff. Options B, C, and D, while relevant to the overall context, do not directly aid the systems administrator in implementing a specific remediation for the vulnerability.