312-50V10 · Question #854
Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulner
The correct answer is D. Credentialed assessment. A credentialed vulnerability assessment uses authenticated access to deeply inspect systems, services, running applications, and active user sessions across the network.
Question
Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?
Options
- Ainternal assessment
- BPassive assessment
- CExternal assessment
- DCredentialed assessment
How the community answered
(65 responses)- A3% (2)
- B6% (4)
- C14% (9)
- D77% (50)
Why each option
A credentialed vulnerability assessment uses authenticated access to deeply inspect systems, services, running applications, and active user sessions across the network.
An internal assessment describes the physical or logical position of the assessor (inside the network perimeter) and does not specifically refer to using credentials for deep authenticated inspection of systems and user sessions.
A passive assessment involves only capturing and analyzing existing network traffic without interacting with or probing hosts, which would not yield detailed application vulnerability data or enumerate currently active user sessions.
An external assessment simulates an outside attacker by scanning exclusively from outside the organizational network boundary, which contradicts Morris's insider-level visibility into user sessions and internal services.
A credentialed assessment leverages valid credentials or privileged network access to gather detailed information beyond what unauthenticated scanning can reveal, including active user sessions and installed application vulnerabilities. Morris's ability to enumerate currently logged-in users and identify application-level vulnerabilities indicates he had authenticated or elevated access to the network, which is the defining characteristic of a credentialed assessment.
Concept tested: Credentialed vulnerability assessment identification
Source: https://learn.microsoft.com/en-us/security/operations/incident-response-overview
Topics
Community Discussion
No community discussion yet for this question.