Risk Communication — CompTIA PenTest+ (PT0-002) Practice Questions
Risk communication in penetration testing refers to conveying the likelihood and business impact of discovered vulnerabilities to stakeholders with varying levels of technical knowledge. This involves translating raw CVSS scores or exploit complexity into tangible business consequences such as data loss, regulatory exposure, or operational disruption. The PT0-002 exam tests whether candidates can tailor their communication style and content to different audiences, including executives, legal teams, and technical staff, ensuring findings drive informed decision-making.
Free questions on risk communication
When reporting vulnerabilities, which of the following should be included in an executive summary?
More risk communication questions in the full bank
- A penetration tester is writing a final report for executives. The tester discovered 15 vulnerabilities: 5 critical, 4 high, 4 medium, and 2 low. When presenting risk, what is the MOST effective approach?
- What is the purpose of a penetration testing debrief with client stakeholders?