CompTIA Security+ (SY0-501) — Question 336

Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy system?

Answer options

• A. Passive scan
• B. Aggressive scan
• C. Credentialed scan
• D. Intrusive scan

Correct answer: A

Explanation

A passive scan is the most appropriate first step because it allows the analyst to gather information without affecting the system's performance or operations. In contrast, aggressive and intrusive scans may disrupt services or alert the system's defenses, while a credentialed scan requires access credentials that may not be available at the initial assessment stage.