Prepare for the CompTIA PenTest+ Exam with flashcards and multiple choice questions. Each question offers hints and detailed explanations, empowering you for success!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What must a vulnerability report include to accurately reflect the assets scanned?

  1. Incident response plan

  2. Risk assessment

  3. Log disposition

  4. Threat analysis

The correct answer is: Log disposition

For a vulnerability report to accurately reflect the assets scanned, it is essential to include a detailed account of log disposition. Log disposition involves documenting the status and management of logs generated during the scanning process. This includes indicating how logs should be retained, archived, or deleted, as well as noting any relevant metadata associated with those logs, such as timestamps, sources, and any pertinent activity captured during the scan.

Including log disposition helps in tracing any findings back to their source, providing a clearer understanding of the scan results and the context in which they were generated. It supports accountability and transparency in the vulnerability assessment process, making it easier to correlate issues with specific assets and actions taken during the scan.

Other options, while important in a broader security context, do not specifically pertain to accurately reflecting the assets scanned. An incident response plan is crucial for addressing vulnerabilities once identified but is not part of the scanner result itself. A risk assessment evaluates the potential impact of vulnerabilities but does not directly report on the findings. Threat analysis focuses on understanding potential threats but again doesn't provide the necessary detail on the disposition of scanned logs that would enhance the accuracy of a vulnerability report.