CompTIA Security+ (SY0-501) — Question 113

A penetration testing is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results.
Which of the following is the best method for collecting this information?

Answer options

• A. Set up the scanning system's firewall to permit and log all outbound connections
• B. Use a protocol analyzer to log all pertinent network traffic
• C. Configure network flow data logging on all scanning system
• D. Enable debug level logging on the scanning system and all scanning tools used.

Correct answer: B

Explanation

The best method to validate scanning tool results is to use a protocol analyzer to log all relevant network traffic, as this provides direct evidence of the data being scanned. Other options, like adjusting firewall settings or enabling logging features, may not capture the necessary traffic detail needed for effective validation.