Certified Information Systems Security Professional – CISSP – Question128

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A.
Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Correct Answer: D