PrepAway - Latest Free Exam Questions & Answers

which of the following is the company hiring the consul…

A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?


A. Vulnerability scanning

B. Penetration testing

C. Application fuzzing

D. User permission auditing


6 Comments on “which of the following is the company hiring the consul…

  1. I think A is the correct answer. They’re just looking for unpatched systems and they also said “Actively taking control of systems is out of scope”. Looks like it’s more of a passive scan than an active lets-actually-hack-this-motherfucker scan that would be used in penetration testing.




    1. ezspader says:

      I believe pinging and banner grabbing are considered active vulnerability scans. It crosses into pen testing when you take that information and change something on the system, or at least put yourself in a position to change something.




  2. ezspader says:

    My instructor gave us this question and answered it B. 2 tasks are listed “out of scope.” I would assume that leaves other tasks in scope (create a user account!?). Would you even have a scope for vulnerability scanning?

    I answered A and didn’t like his answer. Now I have to wonder.



