nerdexam
CompTIA

SY0-301 · Question #251

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

The correct answer is A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.. A vulnerability assessment is a passive evaluation process - its goal is to identify and catalog vulnerabilities, then check whether those vulnerabilities are applicable to the target environment through passive testing. It does NOT involve exploiting vulnerabilities or bypassing

Security operations

Question

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

Options

  • AIdentify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
  • BVerify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.
  • CExploit security controls to determine vulnerabilities and mis-configurations.
  • DBypass security controls and identify applicability of vulnerabilities by passively testing security controls.

How the community answered

(27 responses)
  • A
    70% (19)
  • B
    7% (2)
  • C
    19% (5)
  • D
    4% (1)

Explanation

A vulnerability assessment is a passive evaluation process - its goal is to identify and catalog vulnerabilities, then check whether those vulnerabilities are applicable to the target environment through passive testing. It does NOT involve exploiting vulnerabilities or bypassing security controls; that is the domain of penetration testing. Option B and C describe penetration testing activities (exploitation, bypassing controls). Option D is incorrect because it mixes bypassing controls (an active/offensive action) into what should be a passive assessment. Option A correctly defines a vulnerability assessment: identify vulnerabilities and passively verify their applicability without active exploitation.

Topics

#vulnerability assessment#penetration testing#passive testing#security assessment

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice