CISSP · Question #535
A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was no
The correct answer is D. Discovery. The error most likely occurred in the discovery phase of the vulnerability assessment process. Discovery is the phase where the assessor identifies the hosts, services, and applications that are present on the target network or system. Discovery can be done using active or passiv
Question
A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected. Where in the vulnerability assessment process did the error MOST likely occur?
Options
- AEnumeration
- BDetection
- CReporting
- DDiscovery
How the community answered
(45 responses)- A2% (1)
- B9% (4)
- C4% (2)
- D84% (38)
Explanation
The error most likely occurred in the discovery phase of the vulnerability assessment process. Discovery is the phase where the assessor identifies the hosts, services, and applications that are present on the target network or system. Discovery can be done using active or passive methods, such as scanning, sniffing, or querying. If the discovery phase is not performed correctly, the assessor may miss some hosts or misidentify their operating systems, which can lead to inaccurate or incomplete results in the subsequent phases of the vulnerability assessment
Topics
Community Discussion
No community discussion yet for this question.