A company hires a cybersecurity consultant to perform penetration testing to assess government regulation compliance. The consultant is preparing the final report after the penetration testing is completed. In which section of the report should the consultant cover the limitation of the work performed, such as the only dates when the testing is performed and that the findings mentioned in the report do not guarantee that all vulnerabilities are covered?
- disclaimers
- scope of work
- findings and analysis
- non-disclosure statement
Explanation: The party performing work in a penetration testing engagement may add a disclaimer in the pre-engagement documentation and in the final report to disclaim the limited responsibility and reliability. Cybersecurity threats are always changing, and new vulnerabilities are discovered daily. No software, hardware, or technology is immune to security vulnerabilities, no matter how much security testing is conducted. One example of a disclaimer is that the penetration testing report is intended only to provide documentation and that the hiring company will determine the best way to remediate any vulnerabilities.
Exam with this question: 2.4.3 Quiz - Planning and Scoping a Penetration Testing Assessment Answers
Please login or Register to submit your answer