CompTIA Security+ (SY0-501) — Question 376

A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?

Answer options

Correct answer: A

Explanation

The correct answer is A, vulnerability scanning: the consulting firm is tasked with identifying unpatched systems without taking control of them. Penetration testing (B) involves exploiting vulnerabilities, which is out of scope here. Application fuzzing (C) focuses on testing applications for security flaws, and user permission auditing (D) is concerned with reviewing user access rights; neither aligns with the specified task.