CompTIA Security+ (SY0-501) — Question 1000

Which of the following is commonly done as part of a vulnerability scan?

Answer options

• A. Exploiting misconfigured applications
• B. Cracking employee passwords
• C. Sending phishing emails to employees
• D. Identifying unpatched workstations

Correct answer: D

Explanation

The correct answer is D because vulnerability scans focus on discovering security weaknesses, such as unpatched systems. The other options involve active exploitation or social engineering tactics, which are not part of the vulnerability scanning process.