Exam PT0-002 topic 1 question 30 discussion

Actual exam question from CompTIA's PT0-002
Question #: 30
Topic #: 1

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.
Which of the following is most important for the penetration tester to define FIRST?

  • A. Establish the format required by the client.
  • B. Establish the threshold of risk to escalate to the client immediately.
  • C. Establish the method of potential false positives.
  • D. Establish the preferred day of the week for reporting.
Suggested Answer: B 🗳️

Comments

RRabbit_111
Highly Voted 2 years, 3 months ago
Selected Answer: B
B. Establish the threshold of risk to escalate to the client immediately. The most important thing for the penetration tester to define first is the threshold of risk to escalate to the client immediately. The client has stated that it wants to fix any findings, except for critical issues, after the service is made public. Therefore, it's important for the penetration tester to establish with the client the level of risk that would warrant an immediate escalation, so that the client can take action to fix the issue before the service is made public. This will help to mitigate the impact of any potential vulnerabilities on the new service and its users. Establishing the format required by the client (Option A) and the method of potential false positives (Option C) are important as well, but they are secondary to the threshold of risk escalation. Establishing the preferred day of the week for reporting (Option D) is also important, but it is not as critical as establishing the threshold of risk escalation.
upvoted 7 times
deeden
1 year, 1 month ago
Agree with option B. However, I don't get why anyone would opt not to fix critical issues first?
upvoted 1 times
e7cde6e
1 year ago
They are fixing the critical issues first. The other issues they are willing to fix AFTER the release.
upvoted 2 times
yeahnodontthinkso
4 days, 19 hours ago
Yeah, they worded it strangely. If you're reading it quickly it can sound like they're skipping the critical issues, but they're actually fixing ONLY the critical issues and worrying about the rest after release.
upvoted 1 times
Etc_Shadow28000
Most Recent 10 months ago
Selected Answer: B
B. Threshold of Risk: Since the client is planning to fix only critical issues before making the service public and the rest after, it is crucial to define what constitutes a “critical issue” and the threshold at which findings must be escalated immediately. This ensures that any severe vulnerabilities that could jeopardize the service’s security are addressed promptly. Analysis of Other Options: A. Establish the format required by the client: While important, the format of the report is secondary to understanding the criticality of issues that need immediate attention. C. Establish the method of potential false positives: Handling false positives is important for accurate reporting, but it comes after ensuring critical issues are promptly identified and escalated. D. Establish the preferred day of the week for reporting: Regular reporting is necessary, but it is more important to know when to escalate critical issues outside of regular reporting schedules.
upvoted 1 times
nickwen007
2 years, 1 month ago
The most important thing for the penetration tester to define first is B. Establish the threshold of risk to escalate to the client immediately. This will ensure that any findings that need to be fixed urgently are communicated to the client right away, and all other findings can be reported in a single report at the end of the assessment.
upvoted 3 times
[Removed]
2 years, 1 month ago
What do you think about question 28?
upvoted 1 times
beamage
2 years, 2 months ago
Selected Answer: A
Critical on the CVSS score is 9-10; it states CRITICAL.
upvoted 1 times
[Removed]
2 years, 2 months ago
B is the answer; your answer is wrong.
upvoted 3 times
kloug
2 years, 2 months ago
bbbbbbbbbbbbbbbb
upvoted 2 times
KeToopStudy
2 years, 3 months ago
Selected Answer: B
The requirement of the client makes it clear that it needs the critical vulnerabilities to be reported a.s.a.p. to be able to fix them before the launch date if possible.
upvoted 4 times
Neo12334
2 years, 4 months ago
Selected Answer: B
"except for critical issues" in the question makes me think B.
upvoted 4 times
Mr_BuCk3th34D
2 years, 4 months ago
I agree, I need to understand what the customer considers critical before anything else, because that's what we will have to report to be fixed before the product launch, in other words, prioritization.
upvoted 5 times
masso435
2 years, 4 months ago
Selected Answer: D
Answer is D
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other