A security administrator is tasked with conducting an assessment to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any requirement being damaged in the test.
Which of the following has the administrator been tasked to perform?
A. Risk transference
B. Penetration test
C. Threat assessment
D. Vulnerability assessment
D. Vulnerability scan – not a penetration test. The deciding phrases are “There cannot be a possibility of any requirement being damaged in the test” and “must report actual flaws and weaknesses in the infrastructure”.
Not (C) Threat assessment – You must assess your data and workflows to find out what the key risks are that would damage your business, and plan to address them in order based on the threat that each one poses. To find those key risks, RUN A VULNERABILITY SCAN.