Certified Ethical Hacker (CEH v12) — Question 197

A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view of attackers, performs well-organized inference-based testing, scans automatically against continuously updated databases, and supports multiple networks. Given these requirements, which type of vulnerability assessment solution would be most appropriate?

Answer options

• A. Inference-based assessment solution
• B. Tree-based assessment approach
• C. Product-based solution installed on a private network
• D. Service-based solution offered by an auditing firm

Correct answer: D

Explanation

The correct answer is D because a service-based solution provided by an auditing firm can effectively simulate external attacker perspectives, utilize updated databases for scanning, and manage assessments across multiple networks. Options A and B do not specifically address the need for an external viewpoint or comprehensive network support, while C limits the assessment to a private network, which does not fulfill the requirements of the organization.