CompTIA PenTest+ (PT1-002) — Question 63
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
- Pre-engagement interaction (scoping and ROE)
- Intelligence gathering (reconnaissance)
- Threat modeling
- Vulnerability analysis
- Exploitation and post exploitation
- Reporting
Which of the following methodologies does the client use?
Answer options
- A. OWASP Web Security Testing Guide
- B. PTES technical guidelines
- C. NIST SP 800-115
- D. OSSTMM
Correct answer: B
Explanation
The correct answer is B, PTES technical guidelines, because PTES specifically outlines the phases listed in the question. The other options, while relevant to security testing, do not encompass the full methodology of pre-engagement, threat modeling, and post-exploitation as described.