Which of the following is not a typical part of a penetration test report?

In a penetration test report, the focus is primarily on summarizing findings, providing recommendations, and identifying the assets that were tested. A summary of findings gives stakeholders a clear overview of vulnerabilities discovered, while recommendations for remediation guide the organization on how to address those vulnerabilities. Furthermore, identifying the assets tested ensures transparency and clarity about the scope and coverage of the penetration test.

Revealing all sensitive data that was gathered during the test is not typical in a penetration test report. While the report will likely highlight vulnerabilities and their impact, it would not disclose all sensitive data due to privacy, security, and legal implications. This approach helps maintain the confidentiality of any sensitive information that may have been uncovered during the assessment and protects both the organization being tested and the testing team from potential misuse of that information.