CompTIA CySA+ (CS0-003) — Question 289

A security analyst is improving an organization’s vulnerability management program. The analyst cross-checks the current reports with the system’s infrastructure teams, but the reports do not accurately reflect the current patching levels. Which of the following will most likely correct the report errors?

Answer options

• A. Updating the engine of the vulnerability scanning tool
• B. Installing patches through a centralized system
• C. Configuring vulnerability scans to be credentialed
• D. Resetting the scanning tool’s plug-ins to default

Correct answer: C

Explanation

The correct answer is C because configuring vulnerability scans to be credentialed allows the scanning tool to access system information more effectively, leading to more accurate reporting of patch levels. Options A and D do not address the underlying issue of accurate data collection, while option B focuses on patch installation rather than improving the accuracy of the reports themselves.