A well-structured penetration testing report should be clear, objective-driven, and include an executive summary to communicate findings effectively to both technical teams and executives.

Option A (Keeping video/audio of everything) ❌: Not required. Video/audio documentation is rarely used in penetration testing reports.

Option B (Keeping reports 5-10 pages) ❌: Reports vary in length based on scope and complexity. There is no strict page limit.

Option C (Basing recommendations on risk score) ❌: Risk scores are important, but the report should also provide remediation guidance, exploitability context, and business impact.

Option D (Clear objectives & executive summary) ✅: Correct.

The executive summary helps non-technical stakeholders understand risks and priorities.

The report should be detailed yet clear, focusing on findings, impact, and remediation.

???? Reference: CompTIA PenTest+ PT0-003 Official Guide – Penetration Testing Reports & Communication