312-50V13 · Question #242
An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's mac
The correct answer is D. Inference-based assessment. Inference-Based Assessment Explanation Why D is Correct: James used inference-based assessment, which works by first building an inventory of protocols found on network machines, then inferring which services are running (email, web, database servers) based on detected ports, and
Question
Options
- AProduct-based solutions
- BTree-based assessment
- CService-based solutions
- DInference-based assessment
How the community answered
(14 responses)- A7% (1)
- C7% (1)
- D86% (12)
Explanation
Inference-Based Assessment Explanation
Why D is Correct: James used inference-based assessment, which works by first building an inventory of protocols found on network machines, then inferring which services are running (email, web, database servers) based on detected ports, and finally selecting and executing only the vulnerability tests relevant to those identified services - exactly what the scenario describes.
Why the Distractors are Wrong:
- A (Product-based solutions): These are installed locally within an organization's network to scan internal systems, focusing on the deployment model rather than the methodology of test selection.
- B (Tree-based assessment): This approach uses different strategies/tactics for each machine in a sequential, branching decision-tree format - it doesn't specifically involve protocol inventory-building followed by service inference.
- C (Service-based solutions): These are third-party or cloud-hosted vulnerability scanning services - again describing how the service is delivered, not the methodology of inferring relevant tests from protocol data.
Memory Tip: Think "Inference = Investigate first, then deduce" - just like a detective who gathers clues (protocols/ports) before drawing conclusions (which vulnerabilities to test). If the scenario mentions building a protocol inventory first and then selecting relevant tests, it's always inference-based.
Topics
Community Discussion
No community discussion yet for this question.