Certified Information Systems Security Professional (CISSP) — Question 171
The client of a security firm reviewed a vulnerability assessment report and claims the report is inaccurate. The client states that the vulnerabilities listed are not valid because the host’s operating system (OS) was not properly detected. Where in the vulnerability assessment process did the error MOST likely occur?
Answer options
- A. Report writing
- B. Detection
- C. Enumeration
- D. Scanning
Correct answer: D
Explanation
The error most likely occurred during the Scanning phase, where the operating system detection takes place. If the OS is not accurately identified, it can lead to incorrect vulnerability findings. While Report writing, Detection, and Enumeration are important, the initial misidentification of the OS during the Scanning phase is the root cause of the issue.