Certified Ethical Hacker (CEH v13) — Question 238

Jude, a pen tester, examined a network from a hacker’s perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network. What is the type of vulnerability assessment that Jude performed on the organization?

Answer options

• A. Application assessment
• B. External assessment
• C. Passive assessment
• D. Host-based assessment

Correct answer: B

Explanation

The correct answer is B, External assessment, because Jude was identifying vulnerabilities that are accessible from outside the corporate network. Options A, C, and D are incorrect as they refer to assessments focused on applications, internal processes, or specific hosts rather than the external threats targeting the entire network.