312-50V12 · Question #34
312-50V12 Question #34: Real Exam Question with Answer & Explanation
The correct answer is B: Use a scan tool like Nessus. Vulnerability discovery on a Windows system is best performed using an active scanning tool that probes the host for known weaknesses, misconfigurations, and missing patches.
Question
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?
Options
- A. Use the built-in Windows Update tool
- B. Use a scan tool like Nessus
- C. Check MITRE.org for the latest list of CVE findings
- D. Create a disk image of a clean Windows installation
Explanation
Vulnerability discovery on a Windows system is best performed using an active scanning tool that probes the host for known weaknesses, misconfigurations, and missing patches.
Common mistakes.
- A. Windows Update only identifies and remediates missing Microsoft patches; it does not scan for third-party software vulnerabilities, misconfigurations, open ports, or other security weaknesses that a full vulnerability assessment requires.
- C. Checking MITRE's CVE list provides a reference database of publicly known vulnerabilities but does not actively probe or assess whether a specific Windows machine is actually affected by any of those vulnerabilities.
- D. Creating a disk image of a clean Windows installation is a baseline or forensic preservation technique and provides no mechanism for identifying vulnerabilities present on the target system being assessed.
Concept tested. Vulnerability scanning tools for security assessments
Reference. https://docs.tenable.com/nessus/Content/GetStarted.htm