CISSP · Question #336
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was
The correct answer is D. Discovery. The discovery phase of a vulnerability assessment is the process of identifying and enumerating the hosts, services, and applications that are in scope of the assessment. This phase involves techniques such as network scanning, port scanning, service scanning, and banner grabbing
Question
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?
Options
- AEnumeration
- BReporting
- CDetection
- DDiscovery
How the community answered
(65 responses)- A8% (5)
- B5% (3)
- C3% (2)
- D85% (55)
Explanation
The discovery phase of a vulnerability assessment is the process of identifying and enumerating the hosts, services, and applications that are in scope of the assessment. This phase involves techniques such as network scanning, port scanning, service scanning, and banner grabbing. If one third of the hosts that were in scope are missing from the report, it means that the discovery phase was not performed properly or completely, and some hosts were not detected or included in the assessment. The enumeration, reporting, and detection phases are not likely to cause this error, as they depend on the results of the discovery phase.
Topics
Community Discussion
No community discussion yet for this question.