Which of the following would be used to identify the security posture of a network without actually
exploiting any weaknesses?
A.
Penetration test
B.
Code review
C.
Vulnerability scan
D.
Brute Force scan
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
kEY WORD: without actually exploiting – = PASSIVE APPROACH
A – Is an active approach
D- Is an active approach
In addition to that:
B – A code review is time consuming and will not help in identifying the security posture.
So the correct answer is C: Vulnerability scan
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened.
While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
0
0