Certified Ethical Hacker (CEH v12) — Question 14
An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests.
What is the type of vulnerability assessment solution that James employed in the above scenario?
Answer options
- A. Service-based solutions
- B. Product-based solutions
- C. Tree-based assessment
- D. Inference-based assessment
Correct answer: D
Explanation
James used an inference-based assessment: he first built an inventory of the protocols and services found on each machine, then ran only the tests relevant to those services. This method deduces which vulnerabilities to test for from the services it has identified. The other options do not accurately reflect the systematic approach James took in assessing the organization’s vulnerabilities.