CompTIA CySA+ (CS0-002) — Question 10
A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?
Answer options
- A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
- B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
- C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations.
- D. Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.
Correct answer: D
Explanation
Option D is the best choice because it ensures a credentialed scan that is thorough while limiting potential disruptions by scheduling it during off-business hours. Option A risks business operations during critical hours, and option C includes unnecessary external hosts. Option B minimizes impact but compromises the scan's effectiveness by being uncredentialed, potentially missing important vulnerabilities.