nerdexam
EC-Council

312-50V11 · Question #760

Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

The correct answer is C. Use a scan tool like Nessus. A vulnerability assessment on a live Windows system requires an active scanning tool that probes for weaknesses, not a patch manager or passive reference database.

Vulnerability Analysis

Question

Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options

  • ACreate a disk image of a clean Windows installation
  • BUse the built-in Windows Update tool
  • CUse a scan tool like Nessus
  • DCheck MITRE.org for the latest of CVE findings

How the community answered

(60 responses)
  • A
    2% (1)
  • B
    5% (3)
  • C
    90% (54)
  • D
    3% (2)

Why each option

A vulnerability assessment on a live Windows system requires an active scanning tool that probes for weaknesses, not a patch manager or passive reference database.

ACreate a disk image of a clean Windows installation

Creating a disk image captures system state for forensic or backup purposes and provides no mechanism for identifying active vulnerabilities on a running system.

BUse the built-in Windows Update tool

Windows Update applies available Microsoft patches but does not enumerate all vulnerabilities present, cannot assess third-party software weaknesses, and does not produce an assessment report.

CUse a scan tool like NessusCorrect

Nessus is an industry-standard vulnerability scanner that actively interrogates a live Windows target for misconfigurations, missing patches, exposed services, and known CVEs, producing a prioritized report suited for a professional assessment. It goes beyond patch status to detect third-party software flaws, weak credentials, and compliance gaps. This active discovery approach is precisely what a technician assessment engagement requires.

DCheck MITRE.org for the latest of CVE findings

MITRE's CVE database is a passive reference catalog of published vulnerabilities and does not actively probe or evaluate any specific target system.

Concept tested: Active vulnerability scanning using Nessus

Source: https://docs.tenable.com/nessus/Content/GettingStarted.htm

Topics

#vulnerability scanning#Nessus#Windows security#CVE

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice