nerdexam
EC-Council

312-50V10 · Question #818

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's mac

The correct answer is C. Service-based solutions. Service-based vulnerability assessment identifies services running on network hosts and then executes only the vulnerability tests relevant to each discovered service.

Vulnerability Analysis

Question

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

Options

  • AProduct-based solutions
  • BTree-based assessment
  • CService-based solutions
  • Dinference-based assessment

How the community answered

(30 responses)
  • A
    7% (2)
  • B
    10% (3)
  • C
    80% (24)
  • D
    3% (1)

Why each option

Service-based vulnerability assessment identifies services running on network hosts and then executes only the vulnerability tests relevant to each discovered service.

AProduct-based solutions

Product-based solutions are software tools installed directly on local hosts to perform internal scans, not network-level service discovery combined with targeted test selection.

BTree-based assessment

Tree-based assessment applies a hierarchical branching strategy to choose different test paths for different system types, not a service-inventory-to-targeted-test workflow.

CService-based solutionsCorrect

Service-based solutions build an inventory of active services by mapping open ports to applications (web server, email server, database), then select and execute only the vulnerability checks applicable to each detected service. This targeted approach matches exactly how James scanned the organization and ran relevant tests per machine.

Dinference-based assessment

Inference-based assessment infers potential vulnerabilities from protocol inventories without the explicit step of mapping services to ports and executing service-specific tests as described.

Concept tested: Service-based vulnerability assessment methodology

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#service-based assessment#vulnerability assessment#protocol inventory#inference-based scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice