Certified Ethical Hacker (CEH v13) — Question 69

A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view of attackers, performs well-organized inference-based testing, scans automatically against continuously updated databases, and supports multiple networks. Given these requirements, which type of vulnerability assessment solution would be most appropriate?

Answer options

• A. Inference-based assessment solution
• B. Tree-based assessment approach
• C. Product-based solution installed on a private network
• D. Service-based solution offered by an auditing firm

Correct answer: D

Explanation

The correct answer is D because a service-based solution provided by an auditing firm can simulate external attacks effectively and has access to the latest threat intelligence. Options A and B are focused on specific assessment methodologies rather than the comprehensive, external perspective needed. Option C is limited to a private network and does not fulfill the requirement for multiple networks.