Which of the following would verify that a threat does exist and security controls can easily be bypassed without
actively testing an application?
A.
Protocol analyzer
B.
Vulnerability scan
C.
Penetration test
D.
Port scanner
Explanation:
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing
systems in a network in order to determine if and where a system can be exploited and/or threatened. While
public servers are important for communication and data transfer over the Internet, they open the door to
potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws,
testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an
enterprise can use to tighten the network’s security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also
refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of
rogue software or malicious employees in an enterprise.
Incorrect Answers:
A: A design review is not performed primarily to detect security threats on a network. Reviewing the design of a
system or network can be performed for many reasons including performance, availability etc. whereas a
vulnerability scan is performed specifically to discover security threats on a network.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014,
p. 345