312-50V10 · Question #818
An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's mac
The correct answer is C. Service-based solutions. Service-based vulnerability assessment identifies services running on network hosts and then executes only the vulnerability tests relevant to each discovered service.
Question
An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?
Options
- AProduct-based solutions
- BTree-based assessment
- CService-based solutions
- Dinference-based assessment
How the community answered
(30 responses)- A7% (2)
- B10% (3)
- C80% (24)
- D3% (1)
Why each option
Service-based vulnerability assessment identifies services running on network hosts and then executes only the vulnerability tests relevant to each discovered service.
Product-based solutions are software tools installed directly on local hosts to perform internal scans, not network-level service discovery combined with targeted test selection.
Tree-based assessment applies a hierarchical branching strategy to choose different test paths for different system types, not a service-inventory-to-targeted-test workflow.
Service-based solutions build an inventory of active services by mapping open ports to applications (web server, email server, database), then select and execute only the vulnerability checks applicable to each detected service. This targeted approach matches exactly how James scanned the organization and ran relevant tests per machine.
Inference-based assessment infers potential vulnerabilities from protocol inventories without the explicit step of mapping services to ports and executing service-specific tests as described.
Concept tested: Service-based vulnerability assessment methodology
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.