Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›PT0-002›Objectives›Reporting and Communication
Objective 4.0

Reporting and Communication

PT0-002 Practice Questions

Use this page to practise Reporting and Communication questions for this certification. Focus on how the exam tests reporting and communication in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

PT0-002 Reporting and Communication — Key Topics

Reporting and Communication questions on this certification test your ability to deploy and manage reporting and communication concepts in scenario-based situations.

  • Core Reporting and Communication concepts and how they apply in real-world cloud scenarios.
  • How to deploy reporting and communication correctly and verify the outcome.
  • Troubleshooting reporting and communication issues by interpreting error output and system state.
  • Cloud best practices and Reporting and Communication design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Reporting and Communication

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

PT0-002 Reporting and Communication — Practice Questions

30 questions from this objective

Question 2hardmultiple choice
Full question →

After completing a penetration test, the lead tester is preparing the executive summary. The client's CISO wants to understand the business impact of a critical vulnerability found in the customer-facing web application. Which of the following is the BEST way to convey this in the report?

Question 3mediummultiple choice
Full question →

A penetration tester has completed the test and is preparing the final report. The client requested a risk rating for each vulnerability. Which of the following frameworks is MOST commonly used to standardize vulnerability severity ratings in penetration testing reports?

Question 4mediummultiple choice
Full question →

A penetration test report includes a finding about a SQL injection vulnerability in a public-facing web application. Which section of the report would be the MOST appropriate place to provide step-by-step remediation instructions for the development team?

Question 5hardmultiple choice
Full question →

After completing a penetration test, the client's technical team requests the detailed raw data (e.g., scan results, exploit logs, packet captures) used to support the findings. According to best practices, which of the following should the penetration tester do?

Question 6easymultiple choice
Full question →

A penetration tester is preparing the executive summary for a report. Which of the following metrics would be MOST valuable to include for non-technical stakeholders to understand the overall security posture?

Question 7mediummultiple choice
Full question →

After a penetration test, the client's development team requests that the report include specific, actionable remediation steps for each vulnerability. Where in the report should this information be placed?

Question 8easymultiple choice
Full question →

A penetration tester is preparing the executive summary of a report for a client's board of directors. Which of the following metrics would be MOST valuable for this audience to understand the overall security posture?

Question 9mediummultiple choice
Full question →

After a penetration test, the client's development team requires detailed, step-by-step instructions to reproduce a SQL injection vulnerability found in the user login functionality. In which section of the standard penetration testing report should this information be included?

Question 10easymultiple choice
Full question →

In a penetration test report, the executive summary is primarily intended for which audience?

Question 11easymultiple choice
Full question →

After a penetration test, the client's technical team wants to understand the exact steps required to reproduce a cross-site scripting vulnerability found in the web application. In which section of the standard penetration testing report should this information be included?

Question 12mediummultiple choice
Full question →

A penetration tester has completed an engagement and needs to present findings to a mixed audience of technical engineers and business executives. Which section of the penetration test report is BEST suited for communicating high-level risk ratings and potential business impact to the non-technical stakeholders?

Question 13easymultiple choice
Full question →

After completing a penetration test, the client requests a one-page document that highlights the most critical vulnerabilities, overall risk level, and recommended next steps for management. Which deliverable should the penetration tester provide?

Question 14easymultiple choice
Full question →

A penetration tester is writing the executive summary of a penetration test report. Which of the following elements is MOST important to include for a non-technical audience?

Question 15mediummultiple choice
Full question →

After the penetration test, the client requests a one-page summary of the test's scope, key findings, and recommended next steps for the board of directors. Which document should the penetration tester provide?

Question 16easymultiple choice
Full question →

After completing a penetration test, the client's technical team requests a detailed list of all vulnerabilities found, prioritized by severity, along with step-by-step reproduction steps and remediation guidance. In which section of the standard penetration testing report should this information be provided?

Question 17easymultiple choice
Full question →

The client's development team needs to reproduce a cross-site scripting vulnerability found in the login form. They require the exact payload and steps. Which deliverable should the penetration tester provide to meet this need?

Question 18mediummultiple choice
Full question →

During a penetration test, the tester discovers active ransomware on a critical server. Which communication should the tester perform FIRST according to standard rules of engagement?

Question 19easymultiple choice
Full question →

After a penetration test, the client requests a document that includes the methodology used, a list of all vulnerabilities found along with their CVSS scores, and detailed steps for remediation. Which type of report section is this?

Question 20easymultiple choice
Full question →

After completing a penetration test, the client's board of directors requests a document that provides a high-level overview of the test's objectives, key findings, and business impact. Which section of the standard penetration testing report should be produced for this audience?

Question 21mediummultiple choice
Full question →

The client's development team needs to reproduce a cross-site scripting (XSS) vulnerability discovered during the penetration test. They require the exact payload and step-by-step instructions. Which deliverable should the tester provide to meet this need?

Question 22hardmultiple choice
Full question →

After completing a penetration test, the client's technical team requests a document that provides step-by-step reproduction instructions for each vulnerability, including exact payloads, tools used, and screenshots. Which deliverable BEST satisfies this requirement?

Question 23easymultiple choice
Full question →

A penetration tester has completed an internal network test. The client's IT manager requests a document that lists each vulnerability with its CVSS score, risk rating, and a brief description of the impact. Which section of the final report should contain this information?

Question 24mediummultiple choice
Full question →

During a penetration test, the tester discovers a critical vulnerability that could allow an attacker to take over the entire Active Directory domain. The tester wants to report this to the client as soon as possible. Which communication channel is most appropriate for this initial notification?

Question 25easymultiple choice
Full question →

A penetration tester has completed the testing phase and is preparing the final report for the client's board of directors. The board members are non-technical and need to understand the overall security posture and business risk. Which section of the report should the tester focus on for this audience?

Question 26easymultiple choice
Full question →

A penetration tester is compiling the final report. The client's compliance officer requires a section that maps each finding to specific regulatory requirements (e.g., PCI DSS, HIPAA). Which section of the report is best suited for this mapping?

Question 27mediummultiple choice
Full question →

A penetration tester is preparing the final report. The client's legal team requests a document that outlines the scope, limitations, and any data handling procedures to comply with regulatory requirements. Which section of the report should include this information?

Question 28easymultiple choice
Full question →

During a penetration test, the tester identifies a low-risk information disclosure vulnerability in a public-facing web server. The tester includes this finding in the final report. Which component of the risk rating should the tester use to justify the low severity?

Question 29easymultiple choice
Full question →

A penetration tester is preparing the executive summary for a client's board of directors. Which of the following is the most appropriate content for this section?

Question 30mediummultiple choice
Full question →

A penetration tester has completed the test and is writing the findings section. For a critical vulnerability, the tester wants to provide a clear and actionable remediation recommendation. Which of the following is the best practice for writing this recommendation?

Question 31mediummultiple choice
Full question →

A penetration tester is finalizing a report for a client. The client's technical team needs a concise list of each vulnerability with its risk rating, CVSS score, and recommended remediation steps. In which section of the report should this information be placed?

More Reporting and Communication questions available in the full practice test.

Continue Practising →
←

Previous objective

Attacks and Exploits

Next objective

Tools and Code Analysis

→

All PT0-002 Objectives

  • 1.Planning and Scoping
  • 2.Information Gathering and Vulnerability Scanning
  • 3.Attacks and Exploits
  • 4.Reporting and Communication
  • 5.Tools and Code Analysis