Overview

Introduction

Welcome to the Analyzing and Reporting the Pen Test Results Practice Lab. In this module, you will be provided with the information needed to develop your knowledge.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Guidance on Analyzing the Pen Test Data
  • Exercise 2 - Develop Recommendations for Mitigation Strategies
  • Exercise 3 - Write and Handle Reports
  • Exercise 4 - Conduct Post-Report-Delivery Activities

After completing this lab, you will have covered the following topics:

  • Perform Pen Test Data Collection
  • Perform Pen Test Data Categorization
  • Prioritize the Results
  • Suggest Solutions regarding People, Processes, and Technology
  • Create Categories of Findings
  • Conduct End-user Training
  • Password Encryption and Hashing
  • Multi-factor Authentication
  • Input Sanitization
  • System Hardening
  • Data Normalization
  • Report Structure
  • Report Storage, Handling, and Disposition
  • Post-Engagement Cleanup Tasks
  • Removal of Credentials
  • Removal of Various Tools
  • Client Acceptance
  • Attestation of Findings
  • Lesson Learned
  • Follow-up Actions

Exam Objectives

The following exam objectives are covered in this lab:

  • PT0-001: 5.1 Given a scenario, use report writing and handling best practices
  • PT0-001: 5.2 Explain post-report delivery activities
  • PT0-001: 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
  • PT0-001: 5.4 Explain the importance of communication during the penetration testing process

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Guidance on Analyzing the Pen Test Data

A penetration test, or pentest, is a simulated cyber-attack that attempts to exploit vulnerabilities in networks and systems. A person conducting the pentest can attempt to exploit applications, protocols, Application Programming Interfaces (APIs), servers, firewalls, and anything else that can be exploited on a network. The core intent is to discover vulnerabilities before an attacker from the outside world can, and to exploit them to demonstrate the amount of damage that could be caused.

In this exercise, you will learn about analyzing the pen test data.

Learning Outcomes

This exercise covers the following:

  • Perform Pen Test Data Collection
  • Perform Pen Test Data Categorization
  • Prioritize the Results

Exercise 2 - Develop Recommendations for Mitigation Strategies

After gathering and categorizing the data, you need to develop recommendations for your findings. As a pentester, you are not responsible for the implementation, but the client will expect you to provide mitigation strategies that best address your findings.

In this exercise, you will learn about developing the recommendations for mitigation strategies.

Learning Outcomes

This exercise covers the following:

  • Suggest Solutions regarding People, Processes, and Technology
  • Create Categories of Findings
  • Conduct End-user Training
  • Password Encryption and Hashing
  • Multi-factor Authentication
  • Input Sanitization
  • System Hardening

Exercise 3 - Write and Handle Reports

After you have categorized the penetration testing data and assigned priorities to the results, you need to write reports for final submission. You will need to write, handle, and store the report, and ensure its secure disposition.

In this exercise, you will learn about writing and handling the report.

Learning Outcomes

This exercise covers the following:

  • Data Normalization
  • Report Structure
  • Report Storage, Handling, and Disposition

Exercise 4 - Conduct Post-Report Delivery Activities

After the penetration test, there are certain post-report delivery activities that you must perform. Some of these tasks include the cleanup of credentials and tools used during penetration testing.

In this exercise, you will learn about conducting post-report delivery activities.

Learning Outcomes

This exercise covers the following:

  • Post-Engagement Cleanup Tasks
  • Removal of Credentials
  • Removal of Various Tools
  • Client Acceptance
  • Attestation of Findings
  • Lesson Learned
  • Follow-up Actions
