CompTIA CySA+ (CS0-003) — Question 33

A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?

Answer options

Correct answer: B

Explanation

Passive scanning is the correct choice. A passive scanner listens to traffic the devices already generate (typically from a SPAN port or network tap) and infers asset type, firmware version and exposed services from what it observes, without sending a single packet to the devices. Many PLCs, RTUs and other OT/ICS controllers have fragile network stacks and can hang, reboot or drop control communication when they receive unexpected probes, so removing the probing removes that risk.

Non-credentialed scanning is still active scanning: it sends probes to every target and differs from credentialed scanning only in how much it can see, so it neither reduces the disruption risk nor finds as much. Credentialed scanning logs in to the device and enumerates its configuration, which can still overload controllers with limited processing capacity, and many of them offer no remote login at all. Agent-based scanning requires installing software on the endpoint, which is rarely possible (and usually unsupported by the vendor) on embedded OT/ICS devices.

The practical caveat is that passive scanning only sees devices and services that actually talk on the monitored segment, so it is usually paired with a carefully scheduled, vendor-approved active scan in a maintenance window or against a test bench.
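To make the distinction concrete, the following is an added example (written for this page, not code from CompTIA or from any scanning product) of what a passive scanner does: it parses Modbus/TCP frames that were already captured on the wire and builds an asset inventory (server addresses, unit IDs, function codes in use, which clients issue writes, and vendor/product identity taken from a Read Device Identification response) without ever transmitting to the controller. The frames, IP addresses and device identity strings are constructed sample data; the Modbus/TCP header layout and the FC 43 / MEI type 14 object format follow the public Modbus application protocol specification.

```python
"""Passive Modbus/TCP asset inventory built from captured frames (constructed sample data)."""
import struct
from dataclasses import dataclass, field

MODBUS_PORT = 502
# Function codes that change controller state; a passive monitor should record who issues them.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
# Basic object IDs returned by Read Device Identification (FC 43, MEI type 14).
DEVICE_ID_OBJECTS = {0: "VendorName", 1: "ProductCode", 2: "MajorMinorRevision"}


@dataclass
class Frame:
    """One captured TCP segment payload with its addressing (as a tap or SPAN port would deliver it)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Asset:
    unit_ids: set = field(default_factory=set)
    function_codes: set = field(default_factory=set)
    clients: set = field(default_factory=set)
    writers: set = field(default_factory=set)
    identity: dict = field(default_factory=dict)


def parse_mbap(payload):
    """Split a Modbus/TCP frame into (unit_id, function_code, pdu_data); None if it is not well-formed Modbus."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol ID is always 0 and the length field counts everything after it.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7], payload[8:]


def parse_device_id(data):
    """Decode the object list of a Read Device Identification response (MEI type 14)."""
    # Layout: mei_type, read_code, conformity, more_follows, next_object_id, object_count, objects...
    if len(data) < 6 or data[0] != 0x0E:
        return {}
    count, pos, objects = data[5], 6, {}
    for _ in range(count):
        if pos + 2 > len(data):
            break
        obj_id, obj_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + obj_len]
        objects[DEVICE_ID_OBJECTS.get(obj_id, f"Object{obj_id}")] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return objects


def build_inventory(frames):
    """Build {server_ip: Asset} purely from observed traffic; nothing is sent to any device."""
    inventory = {}
    for f in frames:
        parsed = parse_mbap(f.payload)
        if parsed is None:
            continue  # not Modbus/TCP (or truncated); ignore rather than guess
        unit, fc, data = parsed
        is_response = f.src_port == MODBUS_PORT
        server, client = (f.src_ip, f.dst_ip) if is_response else (f.dst_ip, f.src_ip)
        asset = inventory.setdefault(server, Asset())
        asset.unit_ids.add(unit)
        asset.function_codes.add(fc & 0x7F)  # strip the exception bit on error responses
        asset.clients.add(client)
        if not is_response and fc in WRITE_FUNCTION_CODES:
            asset.writers.add(client)
        if is_response and fc == 0x2B:
            asset.identity.update(parse_device_id(data))
    return inventory


# Constructed capture: a read poll, a device-identification exchange, a write, and one non-Modbus frame.
SAMPLE_FRAMES = [
    Frame("10.0.0.5", 49152, "10.0.0.20", 502, bytes.fromhex("000100000006010300000004")),
    Frame("10.0.0.20", 502, "10.0.0.5", 49152, bytes.fromhex("000100000017010314") + b"\x00" * 20),
    Frame("10.0.0.5", 49153, "10.0.0.20", 502, bytes.fromhex("000200000005012b0e0100")),
    Frame("10.0.0.20", 502, "10.0.0.5", 49153,
          bytes.fromhex("000200000026012b0e0101000003")
          + bytes([0, 13]) + b"ExampleVendor" + bytes([1, 7]) + b"PLC-100" + bytes([2, 4]) + b"v1.2"),
    Frame("10.0.0.7", 50000, "10.0.0.20", 502, bytes.fromhex("000300000006010600100001")),
    Frame("10.0.0.9", 5000, "10.0.0.20", 502, b"not modbus at all"),
]

if __name__ == "__main__":
    for ip, asset in build_inventory(SAMPLE_FRAMES).items():
        print(ip, asset)
```

Everything the inventory knows came from frames the controller emitted or received anyway, which is exactly why this approach cannot crash the device. The same code also shows the limitation noted above: a controller that never appears on the monitored segment, or one that is never asked for its device identification, stays invisible or partially identified.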