In which risk assessment stage does the security auditor map the systems and resources on a network?

A.
Penetration

B.
Cancellation

C.
Activation

D.
Discovery

Explanation:
Discovery is the task of testing the network security for effectiveness and locating weaknesses. During this stage you map out the network, the systems and resources, and attempt to discover every resource. This is the most time consuming test.
Note: The risk assessment stages usually include the following three stages: Discovery, Penetration, and Control.
Incorrect Answers:
A: In Penetration, all access controls (including login accounts and passwords) are bypassed. In this stage you inspect systems for possible weaknesses and try to break into these weaknesses.
B: There is no risk assessment stage called Cancellation.
C: Activation is not a risk assessment stage.