CISSP · Question #275
Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
The correct answer is D. Remediate known vulnerabilities.. Regular vulnerability scanning primarily serves to identify and remediate known vulnerabilities before they can be exploited, directly reducing organizational risk.
Question
Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
Options
- AProvide vulnerability reports to management.
- BValidate vulnerability remediation activities.
- CPrevent attackers from discovering vulnerabilities.
- DRemediate known vulnerabilities.
How the community answered
(22 responses)- B9% (2)
- C5% (1)
- D86% (19)
Why each option
Regular vulnerability scanning primarily serves to identify and remediate known vulnerabilities before they can be exploited, directly reducing organizational risk.
Providing reports to management is a secondary administrative output of the scanning process, not the primary technical reason for conducting scans.
Validating remediation activities is a follow-up use of scanning after fixes have been applied, making it a downstream benefit rather than the primary driver for performing scans.
Vulnerability scanning does not prevent attackers from discovering vulnerabilities; determined attackers can conduct their own reconnaissance, so this is not a reliable or primary objective of the scanning process.
The primary purpose of vulnerability scanning is to identify known vulnerabilities in systems, applications, and configurations so that they can be remediated. By consistently finding and fixing weaknesses, organizations reduce their attack surface and lower the risk of exploitation. All other activities (reporting, validation, etc.) are secondary outcomes that support this core goal.
Concept tested: Purpose and goals of vulnerability scanning
Source: https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment
Topics
Community Discussion
No community discussion yet for this question.