nerdexam
(ISC)2

CISSP · Question #535

A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was no

The correct answer is D. Discovery. The error most likely occurred in the discovery phase of the vulnerability assessment process. Discovery is the phase where the assessor identifies the hosts, services, and applications that are present on the target network or system. Discovery can be done using active or passiv

Submitted by tom_us· Mar 5, 2026Security Assessment and Testing

Question

A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected. Where in the vulnerability assessment process did the error MOST likely occur?

Options

  • AEnumeration
  • BDetection
  • CReporting
  • DDiscovery

How the community answered

(45 responses)
  • A
    2% (1)
  • B
    9% (4)
  • C
    4% (2)
  • D
    84% (38)

Explanation

The error most likely occurred in the discovery phase of the vulnerability assessment process. Discovery is the phase where the assessor identifies the hosts, services, and applications that are present on the target network or system. Discovery can be done using active or passive methods, such as scanning, sniffing, or querying. If the discovery phase is not performed correctly, the assessor may miss some hosts or misidentify their operating systems, which can lead to inaccurate or incomplete results in the subsequent phases of the vulnerability assessment

Topics

#vulnerability assessment#discovery phase#OS fingerprinting#scanning errors

Community Discussion

No community discussion yet for this question.

Full CISSP Practice