Jane has recently implemented a new network design at her organization and wishes to passively
identify security issues with the new network. Which of the following should Jane perform?

A.
Vulnerability assessment

B.
Black box testing

C.
White box testing

D.
Penetration testing

Explanation:
Vulnerability scanning has minimal impact on network resources due to the passive nature of the
scanning.
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and
vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the
necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known

weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of
computing systems in a network in order to determine if and where a system can be exploited
and/or threatened. While public servers are important for communication and data transfer over
the Internet, they open the door to potential security breaches by threat agents, such as malicious
hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of
known flaws, testing systems for the occurrence of these flaws and generating a report of the
findings that an individual or an enterprise can use to tighten the network’s security.