CompTIA CASP+ (CAS-004) — Question 198

A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:

• Fast scanning
• The least false positives possible
• Signature-based
• A low impact on servers when performing a scan

In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will BEST meet the customer's needs?

Answer options

• A. Authenticated scanning
• B. Passive scanning
• C. Unauthenticated scanning
• D. Agent-based scanning

Correct answer: D

Explanation

Agent-based scanning is the most suitable choice as it allows for efficient scans with minimal impact on server performance, while also reducing false positives through its signature-based approach. Authenticated and unauthenticated scanning may not provide the same level of accuracy or performance, and passive scanning does not actively assess vulnerabilities, making it less effective for this scenario.