Certified Ethical Hacker (CEH v11) — Question 154
Why is a penetration test considered to be more thorough than a vulnerability scan?
Answer options
- A. Vulnerability scans only do host discovery and port scanning by default.
- B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
- C. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
- D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Correct answer: B
Explanation
The correct answer is B because a penetration test goes beyond identifying vulnerabilities by actively exploiting them, providing a deeper understanding of the security posture. In contrast, option A describes the limitations of vulnerability scans, option C incorrectly implies that penetration tests are less hands-on, and option D, while true about tools, does not address the core difference in testing methods.