Which of the following is the MOST important guideline when using software to scan for security
exposures within a corporate network?

A.
Never use open source tools

B.
Focus only on production servers

C.
Follow a linear process for attacks

D.
Do not interrupt production processes

Explanation:

The first rule of scanning for security exposures is to not break anything. This includes the
interruption of any running processes. Open source tools are an excellent resource for performing
scans. Scans should focus on both the test and production environments since, if compromised,
the test environment could be used as a platform from which to attack production servers. Finally,
the process of scanning for exposures is more of a spiral process than a linear process.