
GSEC Exam - Question 31


Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called what?

Correct Answer: D

Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called penetration testing. Penetration testing involves actively attempting to exploit vulnerabilities in the network to assess their accessibility and the potential impact if exploited. Vulnerability scanning, on the other hand, identifies vulnerabilities but does not involve attempts to exploit them.

Discussion

3 comments
Hemingway - Option: D
Jun 3, 2021

This should be D. Testing a network's security controls to determine actual, exploitable vulnerabilities is called penetration testing.

Genesis777 - Option: B
Feb 20, 2022

This should be B. Notice the wording of the question, "Validating": you don't validate vulnerabilities by penetration testing. That's for vulnerability scanning. The purpose of penetration testing is to determine if the security posture of the targets involved is robust and can withstand exploit attacks; if vulnerabilities are found, then you exploit the vulnerabilities.

xzib - Option: D
Jun 14, 2024

A vulnerability scan only uncovers weaknesses in your system, but a penetration test discovers weaknesses and attempts to exploit them. Often, a penetration test costs more than a vulnerability scan. Answer: B