nerdexam
EC-Council

312-50V11 · Question #797

Why is a penetration test considered to be more thorough than vulnerability scan?

The correct answer is B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a. A penetration test is more thorough because it goes beyond identifying vulnerabilities to actively exploiting them, confirming real-world impact.

Vulnerability Analysis

Question

Why is a penetration test considered to be more thorough than vulnerability scan?

Options

  • AVulnerability scans only do host discovery and port scanning by default.
  • BA penetration test actively exploits vulnerabilities in the targeted infrastructure, while a
  • CIt is not - a penetration test is often performed by an automated tool, while a vulnerability scan
  • DThe tools used by penetration testers tend to have much more comprehensive vulnerability

How the community answered

(33 responses)
  • A
    3% (1)
  • B
    79% (26)
  • C
    12% (4)
  • D
    6% (2)

Why each option

A penetration test is more thorough because it goes beyond identifying vulnerabilities to actively exploiting them, confirming real-world impact.

AVulnerability scans only do host discovery and port scanning by default.

Vulnerability scans perform far more than host discovery and port scanning - they actively probe services for known CVEs, misconfigurations, and software weaknesses.

BA penetration test actively exploits vulnerabilities in the targeted infrastructure, while aCorrect

A penetration test includes an active exploitation phase where testers attempt to leverage discovered vulnerabilities to gain unauthorized access or escalate privileges, demonstrating actual risk. A vulnerability scan only passively identifies and catalogs potential weaknesses without confirming exploitability, making the penetration test a more comprehensive and thorough assessment.

CIt is not - a penetration test is often performed by an automated tool, while a vulnerability scan

This reverses reality - vulnerability scans are typically automated, while penetration tests rely on skilled human testers who manually analyze systems and chain exploits together.

DThe tools used by penetration testers tend to have much more comprehensive vulnerability

Tool comprehensiveness is not the defining distinction; the fundamental difference is that pen testers actively exploit findings rather than just reporting them.

Concept tested: Penetration testing vs vulnerability scanning methodology

Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

Topics

#penetration testing#vulnerability scanning#active exploitation#security assessment

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice