Exam 312-50v12 All Questions

Exam 312-50v12 topic 1 question 177 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 177
Topic #: 1

In the process of implementing a network vulnerability assessment strategy for a tech company, the security analyst is confronted with the following scenarios:

1) A legacy application is discovered on the network, which no longer receives updates from the vendor.
2) Several systems in the network are found running outdated versions of web browsers prone to distributed attacks.
3) The network firewall has been configured using default settings and passwords.
4) Certain TCP/IP protocols used in the organization are inherently insecure.

The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?

  • A. Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations
  • B. Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed
  • C. Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time
  • D. Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior
Suggested Answer: A

Comments

xavi79
6 months, 2 weeks ago
Answer is B, based on ChatGPT
upvoted 1 times
...
LordXander
7 months, 3 weeks ago
Selected Answer: A
So... there are 3 choices that make sense.
A - because VA doesn't have context, which is 100% true
B - this one is debatable because every single vulnerability is due to software engineering flaws. However, for some a pentest might find them.
C - that's applicable to VA/Pentests/Audits, hence too broad
D - no
A is the most correct one; however, C could be a valid option generally speaking.
upvoted 1 times
...
Jonas9042
8 months ago
B: "Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed." While all the options represent potential limitations of vulnerability assessment, option B highlights a critical concern. Vulnerability scanning software, like any software, can have its own flaws or limitations in its ability to accurately detect vulnerabilities. These flaws could range from misconfigurations to incomplete vulnerability databases or algorithms. Consequently, serious vulnerabilities might go undetected if the scanning software fails to properly identify them. It's important for the security analyst to be aware of this limitation and not solely rely on vulnerability scanning software. They should complement automated scanning with manual checks, penetration testing, and other security measures to ensure comprehensive coverage and accuracy in identifying vulnerabilities within the network.
upvoted 1 times
...
qtygbapjpesdayazko
8 months, 3 weeks ago
Selected Answer: A
A. Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations. The problems described will not change their criticality over time, so C will not change the results.
upvoted 1 times
...
brrbrr
9 months ago
Selected Answer: C
C. Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time. While vulnerability scanning is a valuable tool for identifying known vulnerabilities in a network, it's important to note that it provides a snapshot of the system's security posture at a specific moment.
upvoted 2 times
...
insaniunt
9 months, 2 weeks ago
Selected Answer: A
I think A. Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations
upvoted 3 times
...
xbsumz
9 months, 2 weeks ago
I'm a bit hesitant about the effectiveness of this CEH technique
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted