nerdexam
EC-Council

312-50V13 · Question #242

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's mac

The correct answer is D. Inference-based assessment. Inference-Based Assessment Explanation Why D is Correct: James used inference-based assessment, which works by first building an inventory of protocols found on network machines, then inferring which services are running (email, web, database servers) based on detected ports, and

Submitted by klara.se· Mar 6, 2026Vulnerability Analysis

Question

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

Options

  • AProduct-based solutions
  • BTree-based assessment
  • CService-based solutions
  • DInference-based assessment

How the community answered

(14 responses)
  • A
    7% (1)
  • C
    7% (1)
  • D
    86% (12)

Explanation

Inference-Based Assessment Explanation

Why D is Correct: James used inference-based assessment, which works by first building an inventory of protocols found on network machines, then inferring which services are running (email, web, database servers) based on detected ports, and finally selecting and executing only the vulnerability tests relevant to those identified services - exactly what the scenario describes.

Why the Distractors are Wrong:

  • A (Product-based solutions): These are installed locally within an organization's network to scan internal systems, focusing on the deployment model rather than the methodology of test selection.
  • B (Tree-based assessment): This approach uses different strategies/tactics for each machine in a sequential, branching decision-tree format - it doesn't specifically involve protocol inventory-building followed by service inference.
  • C (Service-based solutions): These are third-party or cloud-hosted vulnerability scanning services - again describing how the service is delivered, not the methodology of inferring relevant tests from protocol data.

Memory Tip: Think "Inference = Investigate first, then deduce" - just like a detective who gathers clues (protocols/ports) before drawing conclusions (which vulnerabilities to test). If the scenario mentions building a protocol inventory first and then selecting relevant tests, it's always inference-based.

Topics

#Vulnerability Assessment#Inference-based Assessment#Service Identification#Penetration Testing

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice