Which tool can provide a complete inventory during client-side assessments?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which tool can provide a complete inventory during client-side assessments?

Explanation:
When you need a full view of what’s on a Windows client—the software installed, patch levels, and security configurations—the best-fit tool is designed for collecting that exact inventory across endpoints. MBSA (Microsoft Baseline Security Analyzer) is built to inventory installed software, check patch status, and flag missing updates or misconfigurations, delivering a centralized report that represents the complete state of the client machine. This makes it ideal for client-side assessments where the goal is a comprehensive inventory. Other tools have different strengths: Nessus focuses on identifying vulnerabilities across hosts, Metasploit is an exploitation framework, and Burp Suite targets web applications, not OS-level inventory.

When you need a full view of what’s on a Windows client—the software installed, patch levels, and security configurations—the best-fit tool is designed for collecting that exact inventory across endpoints. MBSA (Microsoft Baseline Security Analyzer) is built to inventory installed software, check patch status, and flag missing updates or misconfigurations, delivering a centralized report that represents the complete state of the client machine. This makes it ideal for client-side assessments where the goal is a comprehensive inventory. Other tools have different strengths: Nessus focuses on identifying vulnerabilities across hosts, Metasploit is an exploitation framework, and Burp Suite targets web applications, not OS-level inventory.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy