312-50V13 · Question #189
When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is
The correct answer is A. Data items and vulnerability scanning. The question asks what steps a security analyst should take to find inconsistencies in an assets database and verify compliance with security baselines during a formal assessment.
Question
Options
- AData items and vulnerability scanning
- BInterviewing employees and network engineers
- CReviewing the firewalls configuration
- DSource code review
How the community answered
(27 responses)- A89% (24)
- B4% (1)
- D7% (2)
Why each option
The question asks what steps a security analyst should take to find inconsistencies in an assets database and verify compliance with security baselines during a formal assessment.
To verify system compliance against a minimum security baseline and identify inconsistencies in an assets database, performing vulnerability scanning is crucial as it actively checks systems for deviations and weaknesses. Reviewing data items (e.g., configurations, inventory records) directly helps uncover discrepancies in the assets database.
Interviewing employees and network engineers provides qualitative information and operational insights but is not a direct technical method for systematically verifying system compliance or identifying database inconsistencies.
Reviewing firewall configurations is an important but narrow assessment, focusing on only one aspect of security rather than a comprehensive system baseline compliance check or assets database consistency validation.
Source code review is primarily used to identify vulnerabilities within application code itself, not to verify overall system compliance against a security baseline or to find discrepancies in an organizational assets database.
Concept tested: Security assessment methods (vulnerability scanning)
Source: https://learn.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations
Topics
Community Discussion
No community discussion yet for this question.