A security specialist has been asked to evaluate a corporate network by performing a vulnerability
assessment. Which of the following will MOST likely be performed?

A.
Identify vulnerabilities, check applicability of vulnerabilities by passively testing security
controls.

B.
Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.

C.
Exploit security controls to determine vulnerabilities and misconfigurations.

D.
Bypass security controls and identify applicability of vulnerabilities by passively testing security
controls.

Explanation:
We need to determine if vulnerabilities exist by passively testing security controls.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of
computing systems in a network in order to determine if and where a system can be exploited
and/or threatened. While public servers are important for communication and data transfer over
the Internet, they open the door to potential security breaches by threat agents, such as malicious
hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of
known flaws, testing systems for the occurrence of these flaws and generating a report of the
findings that an individual or an enterprise can use to tighten the network’s security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet
but can also refer to system audits on internal networks that are not connected to the Internet in
order to assess the threat of rogue software or malicious employees in an enterprise.