Vulnerability quiz: Question No. 1

What is the difference between a network vulnerability assessment and a penetration test?
C. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities.

A vulnerability assessment looks for the holes in an environment, which can be vulnerable services running, unpatched systems, misconfigurations, open ports, etc. Although vulnerability scanning tools are different in many ways, they all do this same basic functionality. If a company wants to know that the vulnerability is truly a threat and understand the depth of the vulnerability, the vulnerability will need to be exploited. The activity of exploiting vulnerabilities with the purpose of proving that an intruder can enter the environment through a specific vulnerability is called a penetration test. Most vulnerability scanning assessment tools have penetration testing capabilities that can be calibrated through configurations.

Back to quiz.