nerdexam
(ISC)2

CISSP · Question #275

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

The correct answer is D. Remediate known vulnerabilities.. Regular vulnerability scanning primarily serves to identify and remediate known vulnerabilities before they can be exploited, directly reducing organizational risk.

Submitted by jaden.t· Mar 5, 2026Security Assessment and Testing

Question

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Options

  • AProvide vulnerability reports to management.
  • BValidate vulnerability remediation activities.
  • CPrevent attackers from discovering vulnerabilities.
  • DRemediate known vulnerabilities.

How the community answered

(22 responses)
  • B
    9% (2)
  • C
    5% (1)
  • D
    86% (19)

Why each option

Regular vulnerability scanning primarily serves to identify and remediate known vulnerabilities before they can be exploited, directly reducing organizational risk.

AProvide vulnerability reports to management.

Providing reports to management is a secondary administrative output of the scanning process, not the primary technical reason for conducting scans.

BValidate vulnerability remediation activities.

Validating remediation activities is a follow-up use of scanning after fixes have been applied, making it a downstream benefit rather than the primary driver for performing scans.

CPrevent attackers from discovering vulnerabilities.

Vulnerability scanning does not prevent attackers from discovering vulnerabilities; determined attackers can conduct their own reconnaissance, so this is not a reliable or primary objective of the scanning process.

DRemediate known vulnerabilities.Correct

The primary purpose of vulnerability scanning is to identify known vulnerabilities in systems, applications, and configurations so that they can be remediated. By consistently finding and fixing weaknesses, organizations reduce their attack surface and lower the risk of exploitation. All other activities (reporting, validation, etc.) are secondary outcomes that support this core goal.

Concept tested: Purpose and goals of vulnerability scanning

Source: https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment

Topics

#Vulnerability scanning#Vulnerability management#Remediation#Security assessment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice