SY0-301 Question #488: Real Exam Question with Answer & Explanation
The correct answer is A: Vulnerability scan.
Question
Options
- A. Vulnerability scan
- B. Threat assessment
- C. Penetration test
- D. Ping sweep
Explanation
A vulnerability scan is the least invasive method of testing security controls because it identifies weaknesses through automated probing without actively exploiting them, unlike penetration testing which simulates real attacks.
Common mistakes.
- B. A threat assessment is a process of identifying and evaluating potential threats to an organization - it is a planning and analysis activity rather than an active technical test of implemented security controls.
- C. A penetration test goes beyond scanning by actively exploiting discovered vulnerabilities to demonstrate real-world impact, making it significantly more invasive and potentially disruptive than a vulnerability scan.
- D. A ping sweep is a simple network reconnaissance technique that only identifies live hosts by sending ICMP echo requests - it is far too narrow to test a broad range of security controls.
Concept tested. Vulnerability scanning as the least invasive security assessment method.
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf