CompTIA Security+ (SY0-501) — Question 916
A security administrator begins assessing a network with software that checks for available exploits against a known database, using both credentials and external scripts. A report will be compiled and used to confirm patching levels. This is an example of:
Answer options
- A. penetration testing
- B. fuzzing
- C. static code analysis
- D. vulnerability scanning
Correct answer: D
Explanation
The correct answer is D, vulnerability scanning: an automated tool checks systems against a database of known vulnerabilities, here using credentials and external scripts, and produces a report used to confirm patching levels. Penetration testing (A) focuses on actively exploiting vulnerabilities; fuzzing (B) tests for software bugs by feeding a program random data; and static code analysis (C) examines source code for vulnerabilities without executing it.