A security engineer is performing an assessment again for a company. The security engineer examines the following output from the review:
Which of the following tools is the engineer utilizing to perform this assessment?
A. Vulnerability scanner
B. SCAP scanner
C. Port scanner
D. Interception proxy
B SCAP scanner
A. Vulnerability scanner (No. Agree with “Confused Guy”. A vulnerability scanner will usually just give you ratings ranging from INFO, LOW, MEDIUM, HIGH and CRITICAL and have particular signatures it's looking for.)
B. SCAP scanner (Yes, a SCAP scan compares with a predefined parameter to scan for status. This looks like status to me.)
C. Port scanner (definitely no)
D. Interception proxy (No)
B. SCAP scanner
I say it's A as well; I use SCAP and this is def not the output of a SCAP result.
B: SCAP Scanner
I believe the answer should be B.
SCAP Scanner
The Security Content Automation Protocol (SCAP) is a protocol that employs existing open security standards in order to conduct vulnerability scans, while measuring and ranking the discovered vulnerabilities according to predetermined baselines.
In the scenario, he says he performs an assessment. However, he does not indicate that he is comparing against a standard baseline or for compliance purposes. A SCAP scanner is mainly used for compliance purposes or against an open standard baseline.
Sorry correction should be A (typo earlier).
I know you didn't pass
I’m going for B for the fact an assessment was previously performed (compliance).
I don’t know about this one, guys. I would have to go with B on this one because some of these checks listed look like some form of a compliance check. Mainly because of the password complexity (bold) field and also the second listed item. A vulnerability scanner will usually just give you ratings ranging from INFO, LOW, MEDIUM, HIGH and CRITICAL and have particular signatures it's looking for.
A. sounds better than B. I agree with Vulnerability scanner
Yes, it is confusing because SCAP can also be a fit, but I think A
SCAP scans are used for compliance. The output does not show vulnerabilities but what appears to be a compliance output.
I think A? Any thoughts?