CompTIA Security Plus Mock Test Q705

A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?

A. External penetration test
B. Internal vulnerability scan
C. External vulnerability scan
D. Internal penetration test


Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
In this question we need to determine the public-facing network attack surface, that is, the hosts, ports and services that an attacker on the Internet can actually reach. We therefore need to perform a vulnerability scan from outside the network, in other words an external vulnerability scan. Scanning from the inside would also enumerate hosts and services that no firewall exposes to the Internet, which overstates the public attack surface.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents such as malicious hackers.

Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, tests systems for the presence of those flaws, and generates a report of the findings that an individual or an enterprise can use to tighten the network's security.

Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet, but it can also refer to audits of systems on internal networks that are not reachable from the Internet, in order to assess the threat of rogue software or malicious employees within an enterprise.

Incorrect Answers:
A: Penetration testing evaluates an organization's ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets. The difference between a vulnerability scan and a penetration test is that in a penetration test you actually try to access a system by exploiting a known weakness; vulnerability scanning is the process of scanning to detect potential weaknesses. The question asks for an understanding of the attack surface, not for proof that it can be exploited, so a scan is the better fit.
B: In this question we need to determine the public-facing network attack surface. We therefore need to perform a vulnerability scan from outside the network, in other words an external vulnerability scan, not an internal vulnerability scan.
D: As with A, a penetration test goes beyond identifying weaknesses and attempts to exploit them, which is more than the question requires. In addition, the assessment would need to be external, not internal, to reflect what is reachable from the public Internet.

References:
http://www.webopedia.com/TERM/V/vulnerability_scanning.html