GIAC Penetration Tester (GPEN) — Question 47

Your company has decided that the risk of performing a penetration test Is too great. You would like to figure out other ways to find vulnerabilities on their systems, which of the following is MOST likely to be a valid alternative?

Answer options

• A. Network scope Analysis
• B. Baseline Data Reviews
• C. Patch Policy Review
• D. Configuration Reviews

Correct answer: A

Explanation

Network scope analysis helps in identifying potential vulnerabilities by examining the network's structure and traffic patterns without the risks associated with active penetration testing. The other options, while useful for security assessments, do not directly identify vulnerabilities in the same proactive manner as network scope analysis does.