A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?
A. Enumeration
B. Reporting
C. Detection
D. Discovery
Agree – D
https://www.cdc.gov/cancer/npcr/images/vmlc.gif
I disagree. D is better IMO
Enumeration: the action of mentioning a number of things one by one.
A is correct. D is getting the work done which is not the idea in CISSP
I think A. The wording says the devices were already in scope
I mean to say D is correct.