A client evaluating a penetration testing company requests examples of its work.
Which of the following represents the BEST course of action for the penetration testers?
A. Redact identifying information and provide a previous customer’s documentation.
B. Allow the client to only view the information while in secure spaces.
C. Determine which reports are no longer under a period of confidentiality.
D. Provide raw output from penetration testing tools.
Answer: A
Explanation:
It’s important to respect the confidentiality of previous clients while also demonstrating the quality of your work to potential new clients. By redacting (removing or anonymizing) any identifying information from a previous report, you can give an example of the depth and quality of your work without violating the privacy or security of your previous clients.
B) Allowing the client to only view the information while in secure spaces can be restrictive and unnecessary when you could simply redact sensitive information.
C) It is not considered best practice to provide reports even after the confidentiality period has expired. Those reports contain sensitive information about the client’s infrastructure that could be used maliciously.
D) Providing raw output from penetration testing tools is generally not useful to clients. They are looking for comprehensive reports that include findings, their impacts, and recommendations for remediation, not raw data.