CompTIA PenTest+ (PT0-002) — Question 243

A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients’ usage of the ATMs. Which of the following should the tester do to best meet the company’s vulnerability scan requirements?

Answer options

• A. Use Nmap’s-T2 switch to run a slower scan and with less resources.
• B. Run the scans using multiple machines.
• C. Run the scans only during lunch hours.
• D. Use Nmap’s-host-timeout switch to skip unresponsive targets.

Correct answer: A

Explanation

The correct answer is A because using Nmap’s -T2 switch allows for a slower scan, minimizing the impact on ATM performance and user experience. Option B may not effectively address the requirement of reduced disruption, while option C could still interfere with ATM usage during peak times. Option D may skip important targets, which could lead to incomplete vulnerability assessments.