CompTIA
SY0-301 · Question #117
SY0-301 Question #117: Real Exam Question with Answer & Explanation
The correct answer is A: Vulnerability assessment. A vulnerability assessment passively identifies security weaknesses in a network by scanning and analyzing it without actively exploiting those weaknesses, making it the correct choice for passive identification.
Question
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?
Options
- AVulnerability assessment
- BBlack box testing
- CWhite box testing
- DPenetration testing
Explanation
A vulnerability assessment passively identifies security weaknesses in a network by scanning and analyzing it without actively exploiting those weaknesses, making it the correct choice for passive identification.
Common mistakes.
- B. Black box testing is a form of penetration testing where the tester has no prior knowledge of the environment and actively attempts exploitation, which is not passive.
- C. White box testing is a penetration testing approach where the tester has full knowledge of the environment and actively tests it, which is also not passive.
- D. Penetration testing actively exploits vulnerabilities to demonstrate their impact, making it an active rather than passive security assessment technique.
Concept tested. Vulnerability assessment as passive security identification
Reference. https://csrc.nist.gov/glossary/term/vulnerability_assessment
Community Discussion
No community discussion yet for this question.