CompTIA CySA+ (CS0-001) — Question 14

A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops.
The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console.
Which of the following scanning topologies is BEST suited for this environment?

Answer options

• A. A passive scanning engine located at the core of the network infrastructure
• B. A combination of cloud-based and server-based scanning engines
• C. A combination of server-based and agent-based scanning engines
• D. An active scanning engine installed on the enterprise console

Correct answer: D

Explanation

The correct answer is D because an active scanning engine on the enterprise console can actively assess vulnerabilities in real-time, providing accurate results and central management. Options A and B may not provide the required central management and real-time scanning capabilities, while C focuses on agent-based solutions that may not be as effective for scalability and centralized control.