A well-structured penetration testing report should be clear, objective-driven, and include an executive summary to communicate findings effectively to both technical teams and executives.
Option A (Keeping video/audio of everything) ❌: Not required. Video/audio documentation is rarely used in penetration testing reports.
Option B (Keeping reports 5-10 pages) ❌: Reports vary in length based on scope and complexity. There is no strict page limit.
Option C (Basing recommendations on risk score) ❌: Risk scores are important, but the report should also provide remediation guidance, exploitability context, and business impact.
Option D (Clear objectives & executive summary) ✅: Correct.
The executive summary helps non-technical stakeholders understand risks and priorities.
The report should be detailed yet clear, focusing on findings, impact, and remediation.
Reference: CompTIA PenTest+ PT0-003 Official Guide – Penetration Testing Reports & Communication