CompTIA Security+ (SY0-701) — Question 551
Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?
Answer options
- A. Automated scanning
- B. Penetration testing
- C. Threat hunting
- D. Log aggregation
- E. Adversarial emulation
Correct answer: A
Explanation
Automated scanning is the appropriate first step because it uses tools to systematically identify known vulnerabilities within the environment. Penetration testing, while thorough, requires prior knowledge of existing vulnerabilities and is typically a follow-up activity. Threat hunting, log aggregation, and adversarial emulation also serve important purposes, but they are not the initial actions needed to compile a list of vulnerabilities.