Examice

Exam 312-50v12 All QuestionsBrowse all questions from this exam

Question 172

An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources, what is the best initial approach to vulnerability assessment?

Conducting social engineering tests to check if employees can be tricked into revealing sensitive information

Checking for hardware and software misconfigurations to identify any possible loopholes

Evaluating the network for inherent technology weaknesses prone to specific types of attacks

Investigating if any ex-employees still have access to the company's system and data

Correct Answer: B

Given that the network and system are adequately patched with the latest updates and all employees have gone through recent cybersecurity awareness training, the immediate concern should be identifying any possible hardware and software misconfigurations. Even with up-to-date patches and trained employees, configuration errors can still introduce significant vulnerabilities. Addressing these potential loopholes first ensures that the system's foundational setup is secure before moving on to other types of assessments.

Discussion

LordXanderOption: B

It's B because misconfiguration still can occur after proper pathing and training

qtygbapjpesdayazkoOption: B

Keyword "new setup". Checking for hardware and software misconfigurations to identify any possible loopholes

insaniuntOption: B

B. Checking for hardware and software misconfigurations to identify any possible loopholes

GK2205Option: B

The key to this question is "Best .. initial ..."

brrbrrOption: C

Given that the network and system are adequately patched, and employees have undergone recent cybersecurity awareness training, the best initial approach to vulnerability assessment would likely be: C. Evaluating the network for inherent technology weaknesses prone to specific types of attacks. While all the options are important aspects of a comprehensive vulnerability assessment, evaluating the network for inherent technology weaknesses helps identify potential vulnerabilities that may exist due to the configuration, design, or technology choices. This involves assessing the network for weaknesses that could be exploited by attackers, such as insecure protocols, open ports, or default configurations that may pose security risks. This step complements the information about the latest updates and cybersecurity awareness training by focusing on the technical aspects of the network's security posture.

brrbrr

actually, B is the correct answer.

athicalacker

The question mentions adequate patching, suggesting these weaknesses are likely addressed. So it can't be C. The answer is option B. Even with patches and training, misconfigurations can introduce vulnerabilities. Checking for them first allows you to identify and address fundamental flaws before proceeding to more advanced testing.

cloudgangsterOption: B

I'm not sure but i think B