Which of the following security operations is used for determining the attack surface of an organization?
A.
Running a network scan to detect network services in the corporate DMZ
B.
Training employees on the security policy regarding social engineering
C.
Reviewing the need for a security clearance for each employee
D.
Using configuration management to determine when and where to apply security patches
Explanation:
For a network scan the goal is to document the exposed attack surface along with any easily detectedvulnerabilities.
http://meisecurity.com/home/consulting/consulting-network-scanning/