You are conducting penetration testing against servers on perimeter networks. Which of the following is the most likely step that comes immediately before the step that applies Common Vulnerabilities and Exposures (CVE) to scan vulnerability? (Wentz QOTD)
A. Discover hosts and IP addresses
B. Enumerate available services and resources
C. Exploit identified vulnerabilities
D. Compile and report findings

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Enumerate available services and resources.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Vulnerability scanning using CVEs typically follows the situation when ports, services, and resources are identified and enumerated. It’s not an absolute sequence to conduct penetration testing, but a common practice.

Reference

• CEH HACKING METHODOLOGY

---

您正在對外圍網絡上的服務器進行滲透測試。 以下哪個步驟最有可能緊接在應用常見漏洞和暴露 (CVE) 掃描漏洞的步驟之前？ (Wentz QOTD)
A. 發現主機和 IP 地址
B. 列舉可用的服務和資源
C. 利用已識別的漏洞
D. 編譯和報告創立