How is attack surface enumeration defined, and what are two example sources?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

How is attack surface enumeration defined, and what are two example sources?

Explanation:
Attack surface enumeration is the practice of cataloging all the elements that could be targeted by an attacker. It focuses on identifying every exposed asset, service, and misconfiguration so defenders know where the weaknesses lie and what to secure. Two common sources for this work are asset inventories, which provide a centralized list of assets, their owners, and configurations, and network discovery scans, which actively probe the environment to reveal live hosts, open ports, and running services that an attacker could reach.

Other options describe actions unrelated to mapping what could be attacked: encrypting assets to prevent exposure is a protective control, not enumeration; assessing incident impact by interviewing users is about understanding consequences after an event; erasing logs to cover tracks is an anti-forensic action and not about identifying the attack surface.
