Why is Jim having these problems?

Jim was having no luck performing a penetration test on his company’s network. He was running the test from home and had downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all of the systems and the exact network configuration, Jim was unable to get any useful results. Why is Jim having these problems?

A. Security scanners can’t perform vulnerability linkage

B. Security Scanners are not designed to do testing through a firewall

C. Security Scanners are only as smart as their database and can’t find unpublished vulnerabilities

D. All of the above

Explanation:
Security scanners are designed to find vulnerabilities but not to use them; they also find only well-known vulnerabilities and no zero-day exploits. Therefore you can’t use a security scanner for penetration testing but need a more powerful program.




eddie guerrero

I’d argue only C is fully true, today, although B might not be practical if good security exists. A, most scanners show you a link to CVE or something so how true is that? You can’t click a button to launch the attack on cheap ones, but they at least link the finding with the security bulletins.
Know what a PEN TEST is versus a Vulnerability Assessment and actually know how to pen test in reality. He is trying to conduct a PEN TEST but only has scanners to rely on, which is lame and typical (BOOOOOOOO!). If you rely on scanners, you can’t break into what a scanner doesn’t show you exists (what the answer explains). I’ve seen 5 questions similar to this so far, different answers for each, the others more confusing and vague, so basically know pen test vs vulnerability assessment and you can weed through the misdirection.

Laurence Chiprean

You actually make it seem really easy with your presentation however I am finding this matter to be actually something that I think I would never understand. It kind of feels too complicated and very large for me. I am looking forward in your subsequent submit, I’ll try to get the dangle of it!

http://www.bastcilkdoptb.com/