Question 0282 - CISM Certified Information Security Manager

What does a network vulnerability assessment intend to identify?

A. 0-day vulnerabilities
B. Malicious software and spyware
C. Security design flaws
D. Misconfiguration and missing updates

Correct Answer: D

Explanation:

Explanation:
A network vulnerability assessment intends to identify known vulnerabilities based on common misconfigurations and missing updates. 0-day vulnerabilities by definition are not previously known and therefore are undetectable. Malicious software and spyware are normally addressed through antivirus and antispyware policies. Security design flaws require a deeper level of analysis.

CISM Certified Information Security Manager

Tag: Question 0282

CISM Certified Information Security Manager – Question0282