nerdexam
(ISC)2

CISSP · Question #428

A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was no

The correct answer is A. Detection. Detection is the stage in the vulnerability assessment process where the error most likely occurred. Detection is the process of identifying the vulnerabilities that exist on the target system or network, using various tools and techniques, such as scanners, sniffers, or exploit

Submitted by amina.ke· Mar 5, 2026Security Assessment and Testing

Question

A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected. Where in the vulnerability assessment process did the erra MOST likely occur?

Options

  • ADetection
  • BEnumeration
  • CReporting
  • DDiscovery

How the community answered

(39 responses)
  • A
    72% (28)
  • B
    3% (1)
  • C
    18% (7)
  • D
    8% (3)

Explanation

Detection is the stage in the vulnerability assessment process where the error most likely occurred. Detection is the process of identifying the vulnerabilities that exist on the target system or network, using various tools and techniques, such as scanners, sniffers, or exploit frameworks. Detection relies on the accurate identification of the host's operating system, as different operating systems may have different vulnerabilities. If the host's operating system was not properly detected, the detection process may produce false positives or false negatives, resulting in an inaccurate vulnerability assessment report.

Topics

#vulnerability assessment#OS detection#scanning errors#security testing process

Community Discussion

No community discussion yet for this question.

Full CISSP Practice