Exam GSEC
Question 31

Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called what?

    Correct Answer: D

    Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called penetration testing. Penetration testing involves actively attempting to exploit vulnerabilities in the network to assess their accessibility and the potential impact if exploited. Vulnerability scanning, on the other hand, identifies vulnerabilities but does not involve attempts to exploit them.

Discussion
Hemingway Option: D

This should be D. Testing a network's security controls to determine actual, exploitable vulnerabilities is called penetration testing.

Genesis777 Option: B

This should be B. Notice the wording of the question: "Validating". You don't validate vulnerabilities by penetration testing. That's for vulnerability scanning. The purpose of penetration testing is to determine if the security posture of the targets involved is robust and can withstand exploit attacks; if vulnerabilities are found, then you exploit the vulnerabilities.

xzib Option: D

A vulnerability scan only uncovers weaknesses in your system, but a penetration test discovers weaknesses and attempts to exploit them. Often, a penetration test costs more than a vulnerability scan. Answer B.