Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
A.
Design reviews
B.
Baseline reporting
C.
Vulnerability scan
D.
Code review
Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do
not have the latest security patches installed.
The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where
a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to
potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and
generating a report of the findings that an individual or an enterprise can use to tighten the network’s security. Vulnerability scanning typically refers to the scanning
of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the
threat of rogue software or malicious employees in an enterprise.
Incorrect Answers:
A: A design review is not performed primarily to detect security threats on a network. Reviewing the design of a system or network can be performed for many
reasons including performance, availability etc. whereas a vulnerability scan is performed specifically to discover security threats on a network. Therefore, this
answer is incorrect.B: As the name implies, baseline reporting checks to make sure that things are operating status quo, and change detection is used to alert administrators when
modifications are made. A changes-from-baseline report can be run to pinpoint security rule breaches quickly. This is often combined with gap analysis to measure
the controls at a particular company against industry standards.
Baseline reporting may alert the security administrator to any changes in the security posture compared to the original baseline configuration. However, a
vulnerability scan is performed specifically to discover security threats on a network and is therefore a better answer. Therefore, this answer is incorrect.
D: A code review is the process of reviewing the programming code in an application. It is not used to discover security threats on a network. Therefore, this
answer is incorrect.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 345