A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility
over the patch posture of all company’s clients. Which of the following is being used?
A.
Gray box vulnerability testing
B.
Passive scan
C.
Credentialed scan
D.
Bypassing security controls
Explanation:
Credentialed scan: Here’s an analogy: traditional vulnerability scanning is like a mechanic evaluating a car just by looking at the outside and listening to
the motor run. It’s useful but there is so much more information available by looking under the hood and plugging into the on-board diagnostics. That level of insight
and internal perspective is what credentialed scanning lends to a security assessment.
First for a process of elimination.
We can eliminate “A.Gray box vulnerability testing” and “D.Bypassing security controls” from the onset
So it is a toss-up between “B.Passive scan” and “C.Credentialed scan”
What was installed was a “vulnerability scanner” to check the “posture” of all company’s clients. Whenever the word “posture” is mentioned in a question for this exam, the answer is invariably a “passive scan”
Yet, Both can be used to find the patch posture.
The key concept then remains that I must find the posture of ALL THE COMPANY’S CLIENTS, so this is a wide net check better done by a “Credentialed scan” using a common local admin account to all computers
Credentialed scans are scans in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check looking for problems that can not be seen from the network.
Also note that there is such a thing as anon-credentialed scan
credentialed vs non-credentialed scans
If you are doing a credentialied scan (a host scan), then there is less load on the network and presumably you get better information back such a registry scan information and file attribute information. However, if you are doing a non-credentialed scan, you see the network they way an attacker would see it and you could make the assumptions that the highs found on a non-credentialed scan might be more important to fix first since those are what the bad guys will see first ——— then after that, fix the highs on a fully authenticated credentialed scan.
5
0