nerdexam
EC-Council

312-50V11 · Question #279

Which of the following business challenges could be solved by using a vulnerability scanner?

The correct answer is D. There is a monthly requirement to test corporate compliance with host application usage and. Vulnerability scanners are designed to assess systems against known security baselines and compliance requirements, making them the right tool for recurring compliance checks on host application usage and security configurations.

Vulnerability Analysis

Question

Which of the following business challenges could be solved by using a vulnerability scanner?

Options

  • AAuditors want to discover if all systems are following a standard naming convention.
  • BA web server was compromised and management needs to know if any further systems were
  • CThere is an emergency need to remove administrator access from multiple machines for an
  • DThere is a monthly requirement to test corporate compliance with host application usage and

How the community answered

(47 responses)
  • A
    6% (3)
  • B
    2% (1)
  • C
    4% (2)
  • D
    87% (41)

Why each option

Vulnerability scanners are designed to assess systems against known security baselines and compliance requirements, making them the right tool for recurring compliance checks on host application usage and security configurations.

AAuditors want to discover if all systems are following a standard naming convention.

Auditing naming conventions is a configuration management or asset inventory function, not a capability of vulnerability scanners, which focus on security weaknesses.

BA web server was compromised and management needs to know if any further systems were

Determining whether additional systems were compromised after an incident requires forensic analysis and endpoint detection tools, not a vulnerability scanner.

CThere is an emergency need to remove administrator access from multiple machines for an

Removing administrator access from machines is an identity and access management operation performed via directory services or endpoint management tools, not a vulnerability scanning function.

DThere is a monthly requirement to test corporate compliance with host application usage andCorrect

Vulnerability scanners can be configured with compliance benchmarks (such as CIS or STIG profiles) to test whether systems meet defined security and application usage policies on a scheduled basis. This aligns directly with a monthly compliance testing requirement, as the scanner identifies deviations from the accepted baseline across all in-scope hosts. Automated recurring scans make this operationally practical at scale.

Concept tested: Vulnerability scanner use cases - compliance assessment

Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

Topics

#vulnerability scanner#compliance testing#security assessment#business use cases

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice