nerdexam
EC-Council

312-50V10 · Question #702

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following too

The correct answer is D. Vulnerability scanner. A vulnerability scanner is the correct tool for security compliance audits because it systematically tests systems against known security weaknesses and policy baselines.

Vulnerability Analysis

Question

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?

Options

  • AProtocol analyzer
  • BIntrusion Detection System
  • CPort scanner
  • DVulnerability scanner

How the community answered

(27 responses)
  • A
    7% (2)
  • C
    4% (1)
  • D
    89% (24)

Why each option

A vulnerability scanner is the correct tool for security compliance audits because it systematically tests systems against known security weaknesses and policy baselines.

AProtocol analyzer

A protocol analyzer (packet sniffer) captures and decodes network traffic for troubleshooting or forensics but does not assess system configuration or compliance posture.

BIntrusion Detection System

An Intrusion Detection System (IDS) monitors live network traffic or host activity for signs of active attacks but does not audit systems for configuration compliance with security policies.

CPort scanner

A port scanner identifies which network ports are open on a system, providing only a partial view of the attack surface without assessing configuration, patch levels, or policy compliance.

DVulnerability scannerCorrect

Vulnerability scanners enumerate systems on a network, probe them for known misconfigurations, missing patches, weak settings, and policy violations, then produce reports mapping findings to compliance frameworks. This makes them purpose-built for auditing whether systems meet defined security policies and regulatory requirements such as PCI-DSS, HIPAA, or CIS benchmarks.

Concept tested: Vulnerability scanning for security policy compliance auditing

Source: https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment

Topics

#vulnerability scanning#compliance audit#security assessment#regulatory compliance

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice