PrepAway - Latest Free Exam Questions & Answers


Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

A. Penetration test

B. Code review

C. Vulnerability scan

D. Brute Force scan

Explanation:

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.

Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Incorrect Answers:

A: Penetration testing evaluates an organization’s ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets. The difference between a vulnerability scan and a penetration test is that by performing a penetration test, you are actually trying to access a system by exploiting a weakness in the system. Therefore, this answer is incorrect.

B: A code review is the process of reviewing the programming code in an application. It is not used to identify the security posture of a network. Therefore, this answer is incorrect.

D: A brute force scan is similar to a penetration test in that you are actually trying to access a system by exploiting a weakness in the system. Therefore, this answer is incorrect.

http://www.webopedia.com/TERM/V/vulnerability_scanning.html

