CompTIA CySA+ (CS0-003) — Question 472

A company is in the process of implementing a vulnerability management program, and there are concerns about granting the security team access to sensitive data. Which of the following scanning methods can be implemented to reduce the access to systems while providing the most accurate vulnerability scan results?

Answer options

• A. Credentialed network scanning
• B. Passive scanning
• C. Agent-based scanning
• D. Dynamic scanning

Correct answer: C

Explanation

Agent-based scanning is the correct choice as it allows for a detailed assessment without requiring extensive access to systems, maintaining security over sensitive data. In contrast, credentialed network scanning often requires elevated access, passive scanning may not provide comprehensive results, and dynamic scanning focuses more on application behavior rather than system vulnerabilities.