nerdexam
EC-Council

312-50V10 · Question #804

When a security analyst prepares for the formal security assessment, what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is

The correct answer is A. Data items and vulnerability scanning. Vulnerability scanning against a secure asset database identifies discrepancies and validates compliance with minimum security baselines during a formal assessment.

Vulnerability Analysis

Question

When a security analyst prepares for the formal security assessment, what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Options

  • AData items and vulnerability scanning
  • BInterviewing employees and network engineers
  • CReviewing the firewalls configuration
  • DSource code review

How the community answered

(46 responses)
  • A
    93% (43)
  • C
    2% (1)
  • D
    4% (2)

Why each option

Vulnerability scanning against a secure asset database identifies discrepancies and validates compliance with minimum security baselines during a formal assessment.

AData items and vulnerability scanningCorrect

Data items review combined with vulnerability scanning directly compares the current state of assets against the documented secure asset database, surfacing inconsistencies. Vulnerability scanning also maps discovered issues against the minimum security baseline to confirm or deny compliance. This two-pronged approach is the standard technical method used in formal security assessments for asset validation.

BInterviewing employees and network engineers

Interviewing employees and engineers is a qualitative information-gathering technique and does not produce the technical data needed to identify database inconsistencies or measure baseline compliance.

CReviewing the firewalls configuration

Reviewing firewall configurations addresses network access controls only and does not cover the broader set of assets or baseline requirements across the entire system.

DSource code review

Source code review is used to find software vulnerabilities in application logic, not to audit asset databases or verify system-wide security baseline compliance.

Concept tested: Vulnerability scanning and security baseline compliance verification

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#security baseline#vulnerability scanning#compliance assessment#asset inventory

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice