Ethical Hacking Essentials Practice Test

Which type of vulnerability assessment is typically performed in large enterprises where asset ownership can be unclear?

• A. Unauthenticated Assessment
• B. Passive Assessment
• C. Credentialed Assessment
• D. Active Assessment

The correct answer is: Credentialed Assessment

The Credentialed Assessment is particularly suited for large enterprises where asset ownership can be ambiguous because it involves using authenticated access to systems. In this type of assessment, the evaluator is granted credentials, allowing for a more thorough scanning of resources and configurations that may not be accessible through unauthenticated attempts. This method provides deeper insights into security vulnerabilities by examining not just surface-level issues but also permissions and configurations that relate to user roles. In environments where ownership of an asset might not be directly clear, having credentialed access reduces the chances of missing vulnerabilities that might only be visible to users with specific permissions. It can identify issues that arise from misconfigurations or excessive permissions that could lead to security breaches. Overall, because it affords a comprehensive look into the security landscape from an authenticated perspective, it is the preferred approach for large enterprises managing complex assets. Passive Assessment, on the other hand, does not actively engage with network devices or systems, which may leave significant vulnerabilities undetected. Unauthenticated Assessment lacks the depth needed in environments with complex asset ownership since it only provides a surface view without user-specific context. Active Assessment usually engages directly with systems, potentially leading to disruption and not necessarily addressing the issues of asset ownership clarity.