The penetration testing program must specify retention of results and remediation activities. Which option best reflects this requirement?

Multiple Choice

Explanation:
The key idea is that a penetration testing program must document and keep records of both what was found and what was done to fix it. Retaining the results shows exactly which vulnerabilities were discovered, while retaining the remediation activities shows the actions taken, who was responsible, and whether the fixes were implemented. Together, they provide a complete, auditable trail that demonstrates progress and compliance and supports verification in future testing.

That’s why the best option includes retention of both results and remediation activities. If you only keep results, you can’t prove that remediation occurred. If you only keep remediation, you lose the ability to show what was originally found. No retention would leave no verifiable record at all. Keeping only one part misses a crucial half of the evidence required for effective security governance.
