Which of the following security operations is used for determining the attack surface of an organization?
A. Running a network scan to detect network services in the corporate DMZ
B. Training employees on
the security policy regarding social engineering
C. Reviewing the need for a security clearance for each employee
D. Using configuration management to determine when and where to apply security patches
For a network scan the goal is to document
the exposed attack surface along with any easily detected vulnerabilities.
References: