nerdexam
CompTIA

SY0-301 · Question #318

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

The correct answer is B. Vulnerability scan. A vulnerability scanner (e.g., Nessus, OpenVAS) probes systems for known vulnerabilities, misconfigurations, and missing patches by matching findings against a database of known issues. It confirms that a vulnerability exists and that security controls may be inadequate - without

Security operations

Question

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

Options

  • AProtocol analyzer
  • BVulnerability scan
  • CPenetration test
  • DPort scanner

How the community answered

(70 responses)
  • A
    4% (3)
  • B
    91% (64)
  • C
    3% (2)
  • D
    1% (1)

Explanation

A vulnerability scanner (e.g., Nessus, OpenVAS) probes systems for known vulnerabilities, misconfigurations, and missing patches by matching findings against a database of known issues. It confirms that a vulnerability exists and that security controls may be inadequate - without actually exploiting anything (i.e., without active testing). A penetration test goes further and actively attempts exploitation to prove impact. A protocol analyzer captures traffic. A port scanner only identifies open ports. Vulnerability scanning is explicitly a passive-to-light-probe method that identifies risk without crossing into active exploitation.

Topics

#vulnerability scan#penetration testing#passive assessment#security controls

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice