nerdexam
GIAC

GCFA · Question #32

GCFA Question #32: Real Exam Question with Answer & Explanation

The correct answer is A. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities. B. Security scanners cannot perform vulnerability linkage. D. Security scanners are not designed to do testing through a firewall.. Security scanners have well-known limitations including database-bound detection, inability to chain vulnerabilities, and poor effectiveness when scanning through firewalls from an external network.

Question

Adam works as a professional Penetration tester. A project has been assigned to him to employ penetration testing on the network of Umbrella Inc. He is running the test from home and had downloaded every security scanner from the Internet. Despite knowing the IP range of all of the systems, and the exact network configuration, Adam is unable to get any useful results. Which of the following is the most like cause of this problem? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ASecurity scanners are only as smart as their database and cannot find unpublished vulnerabilities.
  • BSecurity scanners cannot perform vulnerability linkage.
  • CSecurity scanners are smart as their database and can find unpublished vulnerabilities.
  • DSecurity scanners are not designed to do testing through a firewall.

Explanation

Security scanners have well-known limitations including database-bound detection, inability to chain vulnerabilities, and poor effectiveness when scanning through firewalls from an external network.

Common mistakes.

  • C. This statement is factually incorrect and directly contradicts choice A - security scanners cannot detect unpublished or zero-day vulnerabilities because they have no signature to match against.

Concept tested. Limitations of automated security scanners in penetration testing

Reference. https://owasp.org/www-project-web-security-testing-guide/stable/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCFA Practice