Certified Ethical Hacker (CEH v13) — Question 247
An IT company has just implemented new security controls in its network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are told that the network and system are adequately patched with the latest updates and that all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources, what is the best initial approach to vulnerability assessment?
Answer options
- A. Conducting social engineering tests to check if employees can be tricked into revealing sensitive information
- B. Checking for hardware and software misconfigurations to identify any possible loopholes
- C. Evaluating the network for inherent technology weaknesses prone to specific types of attacks
- D. Investigating if any ex-employees still have access to the company's system and data
Correct answer: B
Explanation
The correct answer is B because checking for hardware and software misconfigurations is a fundamental step in identifying potential vulnerabilities that could be exploited. While social engineering (A), evaluating technology weaknesses (C), and checking ex-employee access (D) are also important, they are secondary to ensuring that the systems are configured correctly and securely.