CompTIA CySA+ (CS0-001) — Question 45

A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?

Answer options

• A. Install agents on the endpoints to perform the scan
• B. Provide each endpoint with vulnerability scanner credentials
• C. Encrypt all of the traffic between the scanner and the endpoint
• D. Deploy scanners with administrator privileges on each endpoint

Correct answer: A

Explanation

Installing agents on the endpoints allows for local scanning without the need for credentials to travel across the network, ensuring security. Providing each endpoint with credentials or encrypting traffic still exposes the credentials to some extent, and deploying scanners with administrator privileges may create security risks on those endpoints.