What are some things that are generally included on a third party security assessment report? Select all that apply1 pointThird party security audit resultsUser reviewsPenetration testing resultsCustomer feedback scores

What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.1 pointA list of existing risksResults and recommendationsA summary of the scopeQuestions about specific controls

A security professional is asked to communicate the results of an internal security audit to stakeholders. What should be included in that communication? Select three answers.1 pointA list of risks and compliance requirements that need to be addressedA summary of the audit's scope and goalsA recommendation about how to improve the organization’s security postureA list of questions for stakeholders to answer

A PenTester is creating a vulnerability report based on the PTES. What information will the PenTester likely include in the report? (Select all that apply.)A.Tools used for PenTestingB.Vulnerability classification levelsC.Technical vulnerabilitiesD.Summary of results

3.Question 3Fill in the blank: Performing _____ enables security professionals to review an organization's security records, activities, and related documents.1 pointsecurity auditssoftware developmentsethical hackingpenetration tests4.Question 4In what ways do security teams bring value to an organization? Select two answers.1 pointProtecting against external and internal threatsIncreasing operational expensesAchieving regulatory complianceReducing business productivity

2.Question 2What are the goals of a vulnerability assessment? Select two answers.1 pointTo audit regulatory complianceTo identify existing weaknessesTo reduce overall threat exposureTo detect network traffic