What is the difference between vulnerability scanning and configuration assessment?

Study for the DSAC-11 Annex C Test with real-time quizzes and multiple-choice questions. Each question offers hints and explanations to enhance your preparedness. Boost your confidence and ensure success in your DSAC-11 Annex C exam!

Multiple Choice

What is the difference between vulnerability scanning and configuration assessment?

Explanation:
The difference being tested is what each activity aims to achieve: vulnerability scanning looks for weaknesses that could be exploited, while configuration assessment checks whether the system’s settings align with a secure baseline or policy.

Vulnerability scanning automates checks for known weaknesses: unpatched software (typically by matching installed versions against a vulnerability feed), exploitable misconfigurations (an exposed administrative service, for example) and other flaws a threat actor could leverage. Its output is a list of vulnerabilities ranked by severity to prioritise remediation. Its reference point is a catalogue of known exploitable conditions, so the question it answers is what could go wrong if an attacker targets the system.

Configuration assessment, by contrast, compares how a system is actually configured with a predefined secure baseline such as a CIS Benchmark or an internal hardening standard. It checks that settings such as password policy, account lockout, audit logging and file permissions meet the required values, and flags every deviation for remediation so the system stays in a compliant, hardened state. Its reference point is the baseline, not a catalogue of exploits: a setting is reported because it differs from the expected value, whether or not a specific exploit is known for it.

Together, they cover different angles: find and fix vulnerabilities to reduce exploitable weaknesses, and keep configurations aligned with the established baseline to limit the attack surface. The two overlap where a scanner also reports an exploitable misconfiguration, but the distinction the question tests is the reference point of each activity. The other descriptions mix these roles, or misstate which activity targets baselines, new flaws, assets, or specific asset types.
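The following script is an added worked example, not part of the original question or of any exam material. It runs a minimal vulnerability scan and a minimal configuration assessment against the same host so the two outputs can be compared side by side. Everything in it is constructed: the host snapshot, the vulnerability feed (the VULN-* identifiers are placeholders, not real CVEs) and the baseline, which only borrows the shape of a CIS Benchmark item list.

```python
"""Vulnerability scanning vs configuration assessment, run over one host.

Added example, not part of the original question. All data is constructed:
the host snapshot, the vulnerability feed (VULN-* ids are placeholders, not
real CVEs) and the baseline (CIS-style shape, not copied from any benchmark).
"""
import operator
import re

# Constructed host snapshot: what is installed and how it is configured.
HOST = {
    "packages": {"openssl": "1.1.1k", "sshd": "8.2p1", "sudo": "1.9.5"},
    "settings": {
        "password.min_length": 8,
        "password.max_age_days": 60,
        "lockout.threshold": 0,          # 0 = lockout disabled
        "audit.enabled": False,
        "ssh.permit_root_login": "yes",
        "perm./etc/shadow": "0644",
    },
}

# Constructed vulnerability feed: package -> [(fixed_in, id, severity), ...].
# A scanner's reference point is "known flaw, fixed in version X".
VULN_FEED = {
    "openssl": [("1.1.1l", "VULN-2021-0001", "HIGH")],
    "sudo": [("1.9.5p2", "VULN-2021-0002", "CRITICAL")],
    "sshd": [("8.1p1", "VULN-2019-0003", "MEDIUM")],  # host is already past this
}

# Constructed baseline: (item id, setting, comparison, expected value).
# An assessment's reference point is "policy says the value must be Y".
BASELINE = [
    ("1.1", "password.min_length", ">=", 14),
    ("1.2", "password.max_age_days", "<=", 90),
    ("1.3", "lockout.threshold", "between", (1, 5)),
    ("2.1", "audit.enabled", "==", True),
    ("2.2", "audit.log_max_size_mb", ">=", 100),  # absent from the host entirely
    ("3.1", "ssh.permit_root_login", "==", "no"),
    ("4.1", "perm./etc/shadow", "==", "0640"),
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
COMPARE = {
    "==": operator.eq, ">=": operator.ge, "<=": operator.le,
    "between": lambda actual, bounds: bounds[0] <= actual <= bounds[1],
}


def version_key(version: str) -> tuple:
    """Tokenise a version so tuples compare in release order: digit runs become
    (0, int) and letter runs (1, str), so '1.1.1k' < '1.1.1l', '8.1p1' < '8.2p1',
    and a bare '1.9.5' sorts before its patch build '1.9.5p2'."""
    return tuple((0, int(tok)) if tok.isdigit() else (1, tok)
                 for tok in re.findall(r"\d+|[A-Za-z]+", version))


def vulnerability_scan(host: dict, feed: dict) -> list:
    """Report installed packages older than the fix for a known flaw, worst first."""
    findings = []
    for package, installed in host["packages"].items():
        for fixed_in, vuln_id, severity in feed.get(package, []):
            if version_key(installed) < version_key(fixed_in):
                findings.append({"package": package, "installed": installed,
                                 "fixed_in": fixed_in, "id": vuln_id,
                                 "severity": severity})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


def _meets(actual, comparison: str, expected) -> bool:
    """Evaluate one baseline check; a setting that is absent never meets it."""
    if actual is None:
        return False
    return COMPARE[comparison](actual, expected)


def configuration_assessment(host: dict, baseline: list) -> list:
    """Report every baseline item the host's effective settings do not satisfy."""
    deviations = []
    for item_id, setting, comparison, expected in baseline:
        actual = host["settings"].get(setting)
        if not _meets(actual, comparison, expected):
            deviations.append({"id": item_id, "setting": setting, "actual": actual,
                               "expected": f"{comparison} {expected!r}"})
    return deviations


if __name__ == "__main__":
    print("Vulnerability scan (what an attacker could exploit):")
    for f in vulnerability_scan(HOST, VULN_FEED):
        print(f"  {f['severity']:<8} {f['id']} {f['package']} "
              f"{f['installed']} < {f['fixed_in']}")
    print("Configuration assessment (where the host departs from the baseline):")
    for d in configuration_assessment(HOST, BASELINE):
        print(f"  {d['id']} {d['setting']}: actual={d['actual']!r}, expected {d['expected']}")
```

Note what each function needs as its reference: the scan needs a feed of known flaws and reports nothing about a setting the feed does not mention, while the assessment needs a baseline and reports the deviation (including a setting that is missing altogether) whether or not any exploit for it is known. The sshd entry shows the scan staying quiet for a package already past the fixed version; the password.max_age_days item shows the assessment staying quiet for a setting that meets the baseline.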
