CompTIA Security+ (SY0-501) — Question 337
A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its data.
Which of the following BEST describes the vulnerability scanning concept performed?
Answer options
- A. Aggressive scan
- B. Passive scan
- C. Non-credentialed scan
- D. Compliance scan
Correct answer: B
Explanation
The correct answer is B: a passive scan identifies vulnerabilities without actively probing the system, which minimizes the risk of disruption. In contrast, an aggressive scan (A) may overwhelm the system, a non-credentialed scan (C) lacks sufficient access to discover all vulnerabilities, and a compliance scan (D) focuses specifically on regulatory requirements rather than general vulnerabilities.