312-50V13 Question #399: Real Exam Question with Answer & Explanation

Question

Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network. What is the type of vulnerability assessment that Jude performed on the organization?

Options

• AExternal assessment
• BPassive assessment
• CHost-based assessment
• DApplication assessment

Explanation

External Assessment is correct because Jude examined the network specifically from an outsider/hacker's perspective, focusing on vulnerabilities accessible from outside the organization using perimeter devices like firewalls, routers, and servers - this is the defining characteristic of an external vulnerability assessment, which evaluates what an external attacker could exploit.

Why the distractors are wrong:

• B (Passive Assessment) involves monitoring network traffic without actively probing systems - Jude was actively identifying exploits, not just observing.
• C (Host-based Assessment) focuses on vulnerabilities within individual internal systems (OS, software, configurations), not the network perimeter from an outsider's view.
• D (Application Assessment) targets specific application-level vulnerabilities (e.g., web apps, SQL injection), not the broader network infrastructure Jude was evaluating.

Memory Tip: Think "External = Outside-In" - whenever a question mentions a hacker's perspective, perimeter devices (firewalls/routers), and assessing what the outside world can see, that's always an External Assessment. The keyword phrase "accessible to the outside world" is your biggest clue on exam questions.

No community discussion yet for this question.