EC-Council

312-50V9 · Question #360

312-50V9 Question #360: Real Exam Question with Answer & Explanation

The correct answer is A: Running a network scan to detect network services in the corporate DMZ. Of the four options, only a scan of the DMZ actually enumerates what an external attacker can reach; the other three are controls or remediation activities, not discovery.

Question

If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?

Options

  • A. Running a network scan to detect network services in the corporate DMZ
  • B. Reviewing the need for a security clearance for each employee
  • C. Using configuration management to determine when and where to apply security patches
  • D. Training employees on the security policy regarding social engineering

Explanation

An organization's attack surface is the set of reachable entry points (listening services, open ports, exposed interfaces) that an attacker could interact with. The DMZ is where internet-facing services live, so scanning it from an external vantage point enumerates exactly that exposure: which hosts answer, which ports are open, and (from banners or version probes) which software is listening. The scan also distinguishes ports that are closed (the host answers with a reset) from ports that are filtered (no answer, usually a perimeter firewall), which tells you whether the exposure is the result of a deliberate allow rule. A network scan covers only the network-facing portion of the surface; web application inputs, APIs, cloud assets and people are part of the full picture, but among the options given, A is the only one that identifies exposure rather than managing or reducing it.
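As an added illustration of the scan the answer describes (this is example code written for this page, not part of the exam question or of any EC-Council material), the script below performs a concurrent TCP connect scan over a target scope, records each port as open, closed or filtered, grabs a service banner where one is offered, and reduces the raw results to an inventory of exposed services per host. The default port list and the RFC 5737 documentation-range addresses used as a stand-in scope are constructed assumptions; in a real engagement the scope comes from the authorization document.

```python
"""Minimal attack-surface enumerator: a multithreaded TCP connect scan of a
target scope plus a reduction of the raw results to an inventory of exposed
services. Added illustration; not part of the exam material."""
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed default port list (assumption): common internet-facing services.
DEFAULT_PORTS = (21, 22, 25, 80, 443, 445, 3389, 8080)


def probe(host, port, timeout=1.0):
    """TCP connect probe of one host:port.

    Returns (host, port, state, banner) where state is one of
    'open'     - three-way handshake completed, a service is listening
    'closed'   - connection refused (port reachable but nothing listening)
    'filtered' - no answer before the timeout (usually a firewall drop)
    'error'    - other socket failure (e.g. unresolvable host, no route)
    Only 'open' contributes to the attack surface; the closed/filtered
    distinction tells you whether a perimeter filter is in play.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = b""
            try:
                # Many services (SSH, SMTP, FTP) announce themselves on
                # connect; the banner helps identify the exposed software.
                banner = s.recv(128)
            except OSError:
                pass
            return (host, port, "open", banner.decode("ascii", "replace").strip())
    except socket.timeout:
        return (host, port, "filtered", "")
    except ConnectionRefusedError:
        return (host, port, "closed", "")
    except OSError:
        return (host, port, "error", "")


def scan(hosts, ports=DEFAULT_PORTS, workers=32, timeout=1.0):
    """Probe every host/port pair in the scope concurrently; results keep
    the order of the (host, port) product so later reduction is stable."""
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))


def attack_surface(results):
    """Reduce raw probe results to the exposed-service inventory:
    {host: [(port, banner), ...]} containing only open ports."""
    inventory = {}
    for host, port, state, banner in results:
        if state == "open":
            inventory.setdefault(host, []).append((port, banner))
    return inventory


if __name__ == "__main__":
    # Constructed scope (assumption): hosts in the RFC 5737 documentation
    # range stand in for the DMZ addresses from an authorised scope document.
    scope = ["192.0.2.10", "192.0.2.11"]
    for host, services in attack_surface(scan(scope)).items():
        for port, banner in services:
            print(f"{host}:{port}\t{banner or '(no banner)'}")
```

Run it from outside the perimeter so the results reflect what an attacker sees; the same scan from inside the DMZ will show services that a firewall hides from the internet. The connect scan completes the handshake and so is visible in service logs; a SYN scan (as nmap's default) is quieter but needs raw-socket privileges.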

Common mistakes.

  • B. Reviewing security clearance requirements is an access control and personnel security activity, not a method for identifying technical attack surfaces.
  • C. Using configuration management to schedule patching addresses vulnerability remediation, not the identification or mapping of the attack surface itself.
  • D. Training employees on social engineering policies is a people-focused defensive control and does not directly identify or enumerate technical attack vectors.

Concept tested. Attack surface analysis via network reconnaissance

Reference. https://www.nist.gov/publications/attack-surface-definition-and-measurement

