CompTIA CySA+ (CS0-001) — Question 33

A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?

Answer options

• A. Utilizing an operating system SCAP plugin
• B. Utilizing an authorized credential scan
• C. Utilizing a non-credential scan
• D. Utilizing a known malware plugin

Correct answer: A

Explanation

The correct answer, A, is effective because SCAP plugins automate the scanning process against established benchmarks, ensuring compliance and repeatability. Options B and C involve different scanning methods that may not align with standardized benchmarks, while D focuses on malware detection, which does not address the requirement for configuration compliance.