CompTIA Security+ (SY0-601) — Question 275

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Answer options

• A. Vulnerabilities with a CVSS score greater than 6.9.
• B. Critical infrastructure vulnerabilities on non-IP protocols.
• C. CVEs related to non-Microsoft systems such as printers and switches.
• D. Missing patches for third-party software on Windows workstations and servers.

Correct answer: D

Explanation

The correct answer is D because credentialed scans can access detailed system information and identify missing patches for third-party software that uncredentialed scans cannot see. Options A, B, and C may be detectable by both types of scans, as they focus on known vulnerabilities or protocols rather than specific patch levels or software configurations.