312-50V11 · Question #797
Why is a penetration test considered to be more thorough than vulnerability scan?
The correct answer is B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a. A penetration test is more thorough because it goes beyond identifying vulnerabilities to actively exploiting them, confirming real-world impact.
Question
Why is a penetration test considered to be more thorough than vulnerability scan?
Options
- AVulnerability scans only do host discovery and port scanning by default.
- BA penetration test actively exploits vulnerabilities in the targeted infrastructure, while a
- CIt is not - a penetration test is often performed by an automated tool, while a vulnerability scan
- DThe tools used by penetration testers tend to have much more comprehensive vulnerability
How the community answered
(33 responses)- A3% (1)
- B79% (26)
- C12% (4)
- D6% (2)
Why each option
A penetration test is more thorough because it goes beyond identifying vulnerabilities to actively exploiting them, confirming real-world impact.
Vulnerability scans perform far more than host discovery and port scanning - they actively probe services for known CVEs, misconfigurations, and software weaknesses.
A penetration test includes an active exploitation phase where testers attempt to leverage discovered vulnerabilities to gain unauthorized access or escalate privileges, demonstrating actual risk. A vulnerability scan only passively identifies and catalogs potential weaknesses without confirming exploitability, making the penetration test a more comprehensive and thorough assessment.
This reverses reality - vulnerability scans are typically automated, while penetration tests rely on skilled human testers who manually analyze systems and chain exploits together.
Tool comprehensiveness is not the defining distinction; the fundamental difference is that pen testers actively exploit findings rather than just reporting them.
Concept tested: Penetration testing vs vulnerability scanning methodology
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
Topics
Community Discussion
No community discussion yet for this question.