A company hires outside security experts to evaluate the security status of the corporate network. All of the
company’s IT resources are outdated and prone to crashing. The company requests that all testing be
performed in a way which minimizes the risk of system failures. Which of the following types of testing does the
company want performed?

A.
Penetration testing

B.
WAF testing

C.
Vulnerability scanning

D.
White box testing

Explanation:
Vulnerability scanning has minimal impact on network resource due to the passive nature of the scanning.
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and
vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary
actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing
patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing
systems in a network in order to determine if and where a system can be exploited and/or threatened. While
public servers are important for communication and data transfer over the Internet, they open the door to
potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws,
testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an
enterprise can use to tighten the network’s security.