All 4 answers are correct but D) "analyzing service response" is probably the most exact, as all previous answers produce some response, which vulnerability scanner have to analyze.
-
Vuln. scanner connects to various (or all) ports and if there is some BANNER in the response (like HTTP header "Server: Tomcat 4.1" or initial message on SSH connection like "OpenSSL ver. 5.1"), it checks the database of vulnerabilities for that SW version in the BANNER and report it (scanner usually can't test all those vulnerabilities to confirm their presence, because it can lead to service disruption, or it is just not possible via network - for example root account is needed, etc...). Scanner injects arbitrarry data as well. After all, it analyses responses.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.312-50 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
alicenara
1 year, 2 months agoNikoTomas
8 months ago