Certified Ethical Hacker (CEH v12) — Question 127
An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources, what is the best initial approach to vulnerability assessment?
Answer options
- A. Conducting social engineering tests to check if employees can be tricked into revealing sensitive information
- B. Checking for hardware and software misconfigurations to identify any possible loopholes
- C. Evaluating the network for inherent technology weaknesses prone to specific types of attacks
- D. Investigating if any ex-employees still have access to the company's system and data
Correct answer: B
Explanation
The best initial approach to vulnerability assessment is to check for hardware and software misconfigurations, as these can often lead to significant security gaps. Social engineering tests (A), evaluating inherent technology weaknesses (C), and investigating ex-employees' access (D) are all important, but they are secondary to first ensuring that the configurations are correct and secure.