nerdexam
CompTIA

SY0-301 · Question #38

Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?

The correct answer is C. Vulnerability scan. A vulnerability scan actively probes network hosts and services to identify known security weaknesses, misconfigurations, and potential attack vectors across the environment.

Threats, vulnerabilities, and mitigations

Question

Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?

Options

  • ADesign reviews
  • BBaseline reporting
  • CVulnerability scan
  • DCode review

How the community answered

(46 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    91% (42)
  • D
    4% (2)

Why each option

A vulnerability scan actively probes network hosts and services to identify known security weaknesses, misconfigurations, and potential attack vectors across the environment.

ADesign reviews

Design reviews evaluate the security architecture of a system during the planning or development phase and are not used for active discovery of threats on a live network.

BBaseline reporting

Baseline reporting documents the normal operating state of a system and is used to detect deviations over time, but it does not actively probe for or identify security vulnerabilities.

CVulnerability scanCorrect

A vulnerability scanner (such as Nessus or OpenVAS) systematically tests network devices, operating systems, and applications against a database of known vulnerabilities, providing comprehensive visibility into exploitable weaknesses across the entire network. It is the primary tool a security administrator uses for proactive, broad threat discovery.

DCode review

Code review is a manual or automated analysis of application source code for programming flaws and is not applicable to discovering network-wide security threats on production infrastructure.

Concept tested: Vulnerability scanning for network threat discovery

Source: https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm

Topics

#vulnerability scanning#security assessment#threat detection#network security

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice