A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems.
Actively taking control of systems is out of scope, as is the creation of new administrator accounts.
For which of the following is the company hiring the consulting firm?
A. B. C. D.A.
The company has hired a consulting firm to crawl its Active Directory network with a non-domain account to identify unpatched systems. Based on this information, the consulting firm is being hired for vulnerability scanning, which is the process of identifying vulnerabilities or weaknesses in a system or network.
Vulnerability scanning uses automated tools to identify known vulnerabilities and misconfigurations in a system or network. It is typically performed from an external perspective, as an attacker would view the environment, to identify potential attack vectors.
Penetration testing, on the other hand, is a more aggressive form of testing that involves attempting to exploit identified vulnerabilities in a controlled and safe manner. This typically involves taking control of systems, which is out of scope for this engagement.
Application fuzzing is a testing technique that involves inputting random or unexpected data into an application to see if it causes unexpected behavior or crashes. This is typically used to identify software bugs or vulnerabilities in applications.
User permission auditing involves reviewing the permissions assigned to users in a system or network to identify potential security risks or compliance violations. This is not directly related to the task of identifying unpatched systems.
Therefore, the consulting firm is being hired for vulnerability scanning.