What is the primary purpose of maintaining an inventory during testing, such as a spreadsheet including system name, IP address, and OS?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is the primary purpose of maintaining an inventory during testing, such as a spreadsheet including system name, IP address, and OS?

Explanation:
Keeping an inventory of targets, including system name, IP address, and OS, provides a centralized, auditable map of what was discovered and where that information came from. This makes findings traceable to the exact host, which is essential for reproducibility, verification, and accurate reporting. By linking each target to the discovery source (how the host was found or identified), you can reproduce steps, validate results, and maintain clear scope boundaries. This also supports remediation planning by associating vulnerabilities with specific systems and the information sources that led to their discovery.

The other options don’t fit as the primary purpose. Configuring firewall rules is about network controls, not documenting targets. Planning future pentest engagements is helpful but not the main reason to inventory during an active test. Exporting results to external tools is a downstream activity, whereas the inventory’s core value is organizing current targets and their provenance.
