A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:
• Fast scanning
• The least false positives possible
• Signature-based
• A low impact on servers when performing a scan
In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will BEST meet the customer's needs?
To meet the requirements of fast scanning, the least false positives possible, signature-based detection, and low impact on servers, agent-based scanning is the best choice. Agent-based scanning involves installing lightweight software agents on the target systems to be scanned. These agents perform scans locally, reducing the impact on network and server resources. They also provide accurate results with fewer false positives as they have direct access to system information and can tailor scans based on specific system configurations. Additionally, agent-based scanners include signature-based detection capabilities for identifying known vulnerabilities.
C. Unauthenticated scanning would be the BEST option for the customer's needs. Unauthenticated scanning is fast, signature-based, and has a low impact on servers when performing a scan. It also has the least false positives possible when compared to authenticated scanning, which requires credentials to be entered to perform deeper scans. Additionally, unauthenticated scanning can be used across subnets, VLANs, and branch offices since it doesn't require a connection to the network devices to perform the scan .
Agent-based compared to Unauthenticated in regards to the requirements: the need for accuracy and minimizing false positives would outweigh the slightly higher impact on the server. P1s3c mentions that unauthenticated scanning may produce more false positives. If the question stated "the lowest impact on servers" then I would have gone with C. Although, in this case, it seems to prioritize the "least false positives possible". Agent-based has the least false positives
Agree with agent-based with less impacts on the server
To meet the customer's requirements for fast scanning, minimal false positives, signature-based scanning, and low impact on servers, the best choice would be authenticated scanning. Here's why authenticated scanning aligns with the specified requirements: Fast Scanning: Authenticated scanning typically tends to be faster because it has access to the target systems and can collect detailed information more efficiently. Least False Positives: Authenticated scanning can provide accurate and detailed information about the target systems, reducing false positives compared to unauthenticated scans. Signature-Based: Authenticated scanning can use signatures and authenticated checks to identify vulnerabilities, making it signature-based. Low Impact on Servers: Since authenticated scans have access to the target systems, they can gather data in a less intrusive manner, resulting in a lower impact on servers compared to some unauthenticated scans.
Unauthenticated scanning is fast, has a lower impact on servers, and generates fewer false positives
Ultimately, the choice between unauthenticated scanning, agent-based scanning, or other methods depends on the specific requirements, constraints, and priorities of the organization. If minimizing the impact on servers is a critical factor, agent-based scanning could be a suitable option.
Given the specific requirements of fast scanning, the least false positives, signature-based, and low impact on servers, the more appropriate choice is: D. Agent-based scanning Agent-based solutions often provide accurate results with fewer false positives, as they have direct access to system information and can tailor scans based on the specifics of each system. Source:ChatGPT
Agent-based scanning. "Agent-based scanning is suitable for organizations with a geographically diverse workforce, particularly if the organization includes remote workers." Agent-based scanning runs on the device and doesn't connect back to a server. Agent-based scanning is on the device and requires credentials, so it is more accurate that unauthenticated scanning. Source: https://www.beyondsecurity.com/blog/agent-based-vs-agent-less-scanning
Unauthenticated Scanning: Unauthenticated scanning involves scanning a network or system without using specific credentials or authentication. It's typically faster because it doesn't require the scanner to log in or provide credentials, and it's signature-based, which means it uses known patterns or signatures to identify vulnerabilities. It's also less likely to generate false positives since it's scanning from an external perspective. This type of scanning is suitable for quickly assessing the security posture of servers and systems in diverse network environments, including screened subnets, VLANs, and branch offices.
D. Agent-based scanning Agent-based scanning involves installing lightweight software agents on the target systems to be scanned. These agents collect data and perform scans locally, which reduces the impact on servers during scanning. They can also provide more accurate results since they interact directly with the local environment and applications.
Option C: Unauthenticated scanning would be the BEST solution for the customer's needs. It is a fast, signature-based scanning technique that requires no credentials to perform a scan. Since it does not require any credentials, it is a low-impact scanning method on servers, which meets the requirement. However, unauthenticated scanning may produce more false positives than authenticated scanning. It is best suited for external vulnerability scanning and would be useful in identifying vulnerabilities in screened subnets, VLANs, and branch offices.
changed my option to D. "least false positives" guide here. although agent-based scanning would require software to be installed on each target system, which could be impractical for large environments without a central management solution. have this issue at my current job
Fast scanning: Agent-based scanners can perform scans quickly because they are installed directly on the endpoints and can operate continuously in the background. Least false positives: Agents have direct access to the systems they are monitoring, which can help reduce false positives compared to network-based scanning methods. Signature-based: Agent-based solutions often include signature-based detection capabilities to identify known vulnerabilities. Low impact on servers: Because agents operate locally, they typically have a lower impact on network bandwidth and can be configured to use minimal system resources during scans.
Unauthenticated scanning: This type of scanning can be faster and have a lower impact on servers, but it tends to produce more false positives and misses vulnerabilities that authenticated or agent-based scans would detec