Exam PT0-002 topic 1 question 353 discussion

Actual exam question from CompTIA's PT0-002
Question #: 353
Topic #: 1
An organization’s Chief Information Security Officer debates the validity of a critical finding from a penetration assessment that was completed six months ago. Which of the following post-report delivery activities would have most likely prevented this scenario?

  • A. Client acceptance
  • B. Data destruction process
  • C. Attestation of findings
  • D. Lessons learned
Suggested Answer: A

Comments

Ta2oo
Highly Voted 9 months, 4 weeks ago
Selected Answer: C
C is the correct answer. Attestation before Client acceptance.
upvoted 8 times
mat22
Highly Voted 10 months, 1 week ago
Correct answer is C. Attestation of findings is a process in which the client confirms and acknowledges the findings and recommendations presented in a penetration testing report.
upvoted 7 times
kinny4000
4 months, 1 week ago
No, that's Client Acceptance. Attestation of findings is a formal confirmation that findings exist, a testament that binds the pentester to their report, but it does not necessarily involve client agreement.
upvoted 2 times
kinny4000
Most Recent 4 months, 1 week ago
Selected Answer: A
Client acceptance is the process where the client reviews, confirms, and agrees with the findings in the penetration test report. This process ensures that both parties acknowledge the validity of the findings at the time of the report's delivery. If this had been done properly, the CISO would not be debating the validity of the findings six months later.
upvoted 2 times
HiggsBoson_Level
6 months, 3 weeks ago
Selected Answer: A
Answer is A. From the Pentest+ (PT0-002) Study Guide, "Gaining The Client's Acceptance": After finishing your PenTest and writing the report, you should plan to have a discussion with the client about the findings in the report. During the formal hand-off process, you will need to get confirmation from the client that they agree that the testing is complete and that they accept your findings as presented in your report.
upvoted 3 times
Fart2023
7 months ago
Selected Answer: A
A = job done, everyone happy; C is "I just got the report and I have questions." C can't happen 6 months after...
upvoted 1 times
fecffa8
7 months, 1 week ago
Selected Answer: B
Correction. The answer is B. Also from the cert master. Yes client acceptance is them agreeing with you. Attestation is the process of providing evidence that the findings detailed in the PenTest report are true. In other words, by signing off on the report given to the client, you are attesting that you believe the information and conclusions in the report are authentic. Attestation is perhaps the most significant component of gaining client acceptance, as the client must believe that what you have said about their people, processes, and technology is accurate. Many organizations will not simply trust your word that a particular vulnerability exists, even if you've built yourself a good reputation over the years. You must be prepared to prove what you claim. Proof can come in many forms, and those forms usually depend on the nature of what is being proven. For example, if you want to prove that you were able to break into a server holding sensitive data, you could present exfiltrated data to the client as proof.
upvoted 3 times
fecffa8
7 months, 1 week ago
Selected Answer: A
Straight from the cert master, "Gaining The Client's Acceptance": After finishing your PenTest and writing the report, you should plan to have a discussion with the client about the findings in the report. During the formal hand-off process, you will need to get confirmation from the client that they agree that the testing is complete and that they accept your findings as presented in your report. Use the meeting to discuss with the client anything that needs to be clarified or changed in the report before they can be confident in its conclusions. Gaining the client's acceptance is of paramount importance, as they will not automatically be satisfied with your report just because you have written one. They need to be convinced that the test was worthwhile from a business standpoint and that it truly met the objectives that were set out during the planning phase.
upvoted 2 times
ZoeAnneTaylor
8 months, 2 weeks ago
Selected Answer: A
Attestation is only for compliance/regulatory scans. Client acceptance is ... exactly what it sounds like - the client accepting the results. The client in the question did not accept the results of the engagement.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other