CompTIA Security+ (SY0-701) — Question 334

Which of the following should a security team use to document persistent vulnerabilities with related recommendations?

Answer options

Correct answer: B

Explanation

The correct answer is B, the risk register, because it is specifically designed to capture persistent vulnerabilities and their remediation recommendations. An audit report (A) typically summarizes findings from an audit but may not focus solely on vulnerabilities. A compliance report (C) assesses adherence to regulations rather than documenting vulnerabilities, while a penetration test (D) is an assessment method that identifies vulnerabilities but does not serve as a documentation tool.