Western Governors University (WGU) C838 Managing Cloud Security (CCSP) Practice Exam

Vulnerability scanning is a systematic process that helps identify known vulnerabilities within a system or network. This type of security assessment is typically automated and focuses on detecting security holes, misconfigurations, and outdated software that could be exploited by attackers. By scanning for vulnerabilities, organizations can gain a better understanding of their security posture and prioritize remediation efforts.

Unlike penetration testing, which actively attempts to exploit vulnerabilities to assess the security of a system, vulnerability scanning takes a more passive approach, identifying potential weaknesses without exploiting them. Similarly, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are methodologies used predominantly in software development and testing phases, focusing on identifying vulnerabilities within application code or during runtime. However, these methods do not specifically emphasize the broad assessment of known security weaknesses across an entire system or network like vulnerability scanning does.

Thus, vulnerability scanning is the most fitting choice for identifying known holes in security systems, as it directly targets the detection of security vulnerabilities before they can be exploited.