nerdexam
EC-Council

312-50V13 · Question #189

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is

The correct answer is A. Data items and vulnerability scanning. The question asks what steps a security analyst should take to find inconsistencies in an assets database and verify compliance with security baselines during a formal assessment.

Submitted by certguy· Mar 6, 2026Vulnerability Analysis

Question

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Options

  • AData items and vulnerability scanning
  • BInterviewing employees and network engineers
  • CReviewing the firewalls configuration
  • DSource code review

How the community answered

(27 responses)
  • A
    89% (24)
  • B
    4% (1)
  • D
    7% (2)

Why each option

The question asks what steps a security analyst should take to find inconsistencies in an assets database and verify compliance with security baselines during a formal assessment.

AData items and vulnerability scanningCorrect

To verify system compliance against a minimum security baseline and identify inconsistencies in an assets database, performing vulnerability scanning is crucial as it actively checks systems for deviations and weaknesses. Reviewing data items (e.g., configurations, inventory records) directly helps uncover discrepancies in the assets database.

BInterviewing employees and network engineers

Interviewing employees and network engineers provides qualitative information and operational insights but is not a direct technical method for systematically verifying system compliance or identifying database inconsistencies.

CReviewing the firewalls configuration

Reviewing firewall configurations is an important but narrow assessment, focusing on only one aspect of security rather than a comprehensive system baseline compliance check or assets database consistency validation.

DSource code review

Source code review is primarily used to identify vulnerabilities within application code itself, not to verify overall system compliance against a security baseline or to find discrepancies in an organizational assets database.

Concept tested: Security assessment methods (vulnerability scanning)

Source: https://learn.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations

Topics

#Security assessment#Compliance#Vulnerability scanning#Asset management

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice