4.1 Reporting and Communication Flashcards

Compare and contrast important components of written reports.

1
Q

At the end of a PenTest, who does the report audience usually consist of?

A

-C-Suite
-Third-party Stakeholders
-Technical Staff
-Developers

2
Q

In a PenTest report, what is an Executive Summary?

A

An Executive summary is a high-level and concise overview of the penetration test, its findings and their impact.

3
Q

In a PenTest report, what is the Methodology?

A

The Methodology is a high-level description of the standards or frameworks that were followed to conduct the penetration test.

4
Q

In a PenTest report, what is the Attack Narrative?

A

The Attack Narrative is a detailed, step-by-step account of what the tester did and in what order, so the reader can follow how each finding was reached.

5
Q

What is important to include in the findings of a PenTest report?

A

-Risk Rating: the process of assigning quantitative values to the identified risks (likelihood vs. impact)
-Risk Prioritization: the process of adjusting the final rating of vulnerabilities to the client's needs and environment
-Business Impact Analysis: estimating the possible effects on the client if the identified issues were to be exploited by a malicious actor

6
Q

In a PenTest report, what are Metrics & Measures?

A

-Metrics are quantifiable measurements of the status of results or processes.
-Measures are the specific data points that contribute to a metric.

7
Q

In a PenTest report, what is Remediation?

A

Remediation is the recommended solution (or solutions) for each issue identified during the penetration test.

8
Q

In a PenTest report, what is in the Appendix?

A

Any supporting evidence or attestation of the findings, such as test results, screenshots and other evidence. Sometimes the full vulnerability details are also included in the appendix rather than in the body of the report.
