nerdexam
EC-Council

312-50V10 · Question #914

Why is a penetration test considered to be more thorough than vulnerability scan?

The correct answer is B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a. A penetration test is more thorough than a vulnerability scan because it actively exploits vulnerabilities to confirm real-world impact, rather than simply detecting and reporting potential weaknesses.

Information Security and Ethical Hacking Fundamentals

Question

Why is a penetration test considered to be more thorough than vulnerability scan?

Options

  • AVulnerability scans only do host discovery and port scanning by default.
  • BA penetration test actively exploits vulnerabilities in the targeted infrastructure, while a
  • CIt is not ?a penetration test is often performed by an automated tool, while a vulnerability scan
  • DThe tools used by penetration testers tend to have much more comprehensive vulnerability

How the community answered

(34 responses)
  • B
    94% (32)
  • C
    3% (1)
  • D
    3% (1)

Why each option

A penetration test is more thorough than a vulnerability scan because it actively exploits vulnerabilities to confirm real-world impact, rather than simply detecting and reporting potential weaknesses.

AVulnerability scans only do host discovery and port scanning by default.

Vulnerability scans perform far more than host discovery and port scanning - they also fingerprint software versions, detect missing patches, identify misconfigurations, and match findings against CVE databases.

BA penetration test actively exploits vulnerabilities in the targeted infrastructure, while aCorrect

A penetration test includes an active exploitation phase in which the tester uses attacker techniques to actually compromise vulnerable systems, proving that a vulnerability is genuinely exploitable and determining what an attacker could access or damage. A vulnerability scan only performs detection using signatures, version checks, and configuration analysis without attempting exploitation, so it can produce false positives and cannot confirm actual risk. The exploitation and post-exploitation phases of a penetration test provide evidence of impact that a scan fundamentally cannot deliver.

CIt is not ?a penetration test is often performed by an automated tool, while a vulnerability scan

This inverts reality - vulnerability scans are primarily automated tool-driven processes, while penetration tests rely heavily on skilled human testers applying manual judgment and creative attack techniques.

DThe tools used by penetration testers tend to have much more comprehensive vulnerability

Tool comprehensiveness is not the defining distinction between the two approaches - the critical difference is active exploitation versus passive detection, not which toolset has broader signature coverage.

Concept tested: Penetration testing vs vulnerability scanning active exploitation distinction

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#penetration testing#vulnerability scanning#active exploitation#methodology comparison

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice