CompTIA Security Plus Mock Test Q662

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.
C. Exploit security controls to determine vulnerabilities and misconfigurations.
D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
We need to determine if vulnerabilities exist by passively testing security controls.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be
exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat
agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of
the findings that an individual or an enterprise can use to tighten the network’s security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to
the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.

Incorrect Answers:
B: Verifying vulnerabilities exist, bypassing security controls and exploiting the vulnerabilities describes an attack on the system or a penetration test. Penetration testing evaluates an
organization’s ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain unauthorized or privileged access to protected
assets. A penetration test can test one method at a time of accessing one system at a time. A vulnerability scan can scan for all vulnerabilities on multiple systems and is therefore a
better answer.
C: Exploiting security controls to determine vulnerabilities and misconfigurations would be a slow and manual way of performing a vulnerability assessment. A vulnerability scan is an
automated process of scanning for all vulnerabilities on multiple systems and is therefore a better answer.
D: We need to first identify any vulnerabilities before we can check the applicability of the vulnerabilities.

References:
http://www.webopedia.com/TERM/V/vulnerability_scanning.html