Exam 200-201 topic 1 question 174 discussion

I agree with C as this is a 'metric', so we're looking for some sort of count rather than a specific vulnerability.

The correct answer is B Full Assets Scan Explanation A vulnerability management metric is a measurable indicator used to evaluate and track the effectiveness of a vulnerability management program. It provides insights into how well an organization identifies, assesses, and mitigates vulnerabilities across its systems. Why B. Full Assets Scan is Correct: Conducting a full assets scan is a critical component of vulnerability management. It helps ensure that all assets in the organization are checked for known vulnerabilities, misconfigurations, and compliance issues. Metrics derived from these scans, such as the number of detected vulnerabilities or the time to remediate them, are key for assessing the state of the organization's security posture.

https://purplesec.us/learn/vulnerability-management-metrics/ 6. Internal Vs External Exposure Your external internet facing applications inherently are at highest exposure to outside threats compared to internal. An organization should have separate scanners for each environment. Although an external scan has high priority, internal scans should be prioritized as well due to the potential of a threat actor entering your network and exploiting a threat is always probable.

A vulnerability management metric is a measure of the effectiveness of an organization's vulnerability management program. Full asset scan is a metric used to evaluate the coverage and accuracy of a vulnerability management program. It measures the percentage of an organization's assets that have been scanned for vulnerabilities.

from reading the book i would say B because it talks about scanning all your devices for vulnerabilities not just internet pointing devices. then running a report analysis.

b is correct

It's D