Open-source and commercial tools are both recommended for vulnerability assessment.

• A. Only open-source tools are recommended.
• B. Tools are unnecessary for vulnerability assessment.
• C. Only commercial tools are recommended.
• D. Both open-source and commercial tools are recommended.

Answer: (D)

Using both open-source and commercial tools gives a more complete vulnerability assessment. Open-source tools offer flexibility, rapid updates from the community, and no licensing cost, which makes it easy to tailor scans and cover a wide range of platforms. Commercial tools bring vendor support, more polished reporting, enterprise-grade features, and often broader or deeper vulnerability coverage for complex environments. Together, they help you validate findings across different scanners, reduce gaps in coverage, and lower the chances of false positives or missed vulnerabilities. Manual checks alone can’t scale to modern networks, so relying on a mix of tools is the most effective approach.