Which of the following security operations is used for determining the attack surface of an organization?

A. Running a network scan to detect network services in the corporate DMZ

B. Training employees on

the security policy regarding social engineering

C. Reviewing the need for a security clearance for each employee

D. Using configuration management to determine when and where to apply security patches

For a network scan the goal is to document

the exposed attack surface along with any easily detected vulnerabilities.

References: