CompTIA CySA+ (CS0-003) — Question 51

A company is deploying new vulnerability scanning software to assess its systems. The current network is highly segmented, and the networking team wants to minimize the number of unique firewall rules. Which of the following scanning techniques would be most efficient to achieve the objective?

Answer options

• A. Deploy agents on all systems to perform the scans
• B. Deploy a central scanner and perform non-credentialed scans
• C. Deploy a cloud-based scanner and perform a network scan
• D. Deploy a scanner sensor on every segment and perform credentialed scans

Correct answer: A

Explanation

The correct answer is A because deploying agents on all systems allows for direct scanning without requiring additional firewall rules for external traffic. The other options would either necessitate multiple firewall rules for central or cloud-based scanning or might not provide as comprehensive coverage as agent-based scans.