nerdexam
(ISC)2

CISSP · Question #336

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was

The correct answer is D. Discovery. The discovery phase of a vulnerability assessment is the process of identifying and enumerating the hosts, services, and applications that are in scope of the assessment. This phase involves techniques such as network scanning, port scanning, service scanning, and banner grabbing

Submitted by eva_at· Mar 5, 2026Security Assessment and Testing

Question

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?

Options

  • AEnumeration
  • BReporting
  • CDetection
  • DDiscovery

How the community answered

(65 responses)
  • A
    8% (5)
  • B
    5% (3)
  • C
    3% (2)
  • D
    85% (55)

Explanation

The discovery phase of a vulnerability assessment is the process of identifying and enumerating the hosts, services, and applications that are in scope of the assessment. This phase involves techniques such as network scanning, port scanning, service scanning, and banner grabbing. If one third of the hosts that were in scope are missing from the report, it means that the discovery phase was not performed properly or completely, and some hosts were not detected or included in the assessment. The enumeration, reporting, and detection phases are not likely to cause this error, as they depend on the results of the discovery phase.

Topics

#vulnerability assessment#discovery phase#assessment methodology

Community Discussion

No community discussion yet for this question.

Full CISSP Practice