Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
A credentialed scan involves logging into the target system using valid credentials, thereby allowing a deeper inspection of the system compared to an uncredentialed scan. With this elevated level of access, credentialed scans can detect missing patches for third-party software on Windows workstations and servers because they can check the internal state and software configuration which cannot be seen externally. Uncredentialed scans can only detect vulnerabilities based on visible network services and system data that don't require login credentials, potentially missing such specific internal details.
A-C, all can be accessed publicly. D - you need to log in to check these apps
An uncredentialed scan is performed without privileged access to the target system, meaning it does not have credentials (such as usernames and passwords) to log in to the target systems. Therefore, it can only detect vulnerabilities and missing patches based on information available externally, such as network services and banners.
D - Missing patches for third-party software on Windows workstations and servers.
Based on the below I think it's D. https://docs.tenable.com/nessusagent/Content/TraditionalScansUncredentialed.htm
Credentialed scans involve using valid credentials (such as usernames and passwords) to access the target system. This allows the scanning tool to perform a more in-depth assessment, including checking for missing patches on the system, which may include third-party software. D Uncredentialed scans, on the other hand, do not have access to the internal workings of the system and may miss certain vulnerabilities or issues that require authenticated access.
It will be able to find unpatched software with no listening ports like Java, PDF Reader, etc.
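The point raised in the post above (software that has no listening port is invisible to a network-only scan) can be shown with a toy model. This is an added example and not part of the thread or of any scanner vendor's code: the `Host` class, the `BASELINE` table, and the product names and version strings are all constructed for illustration.

```python
# Added example (not from the forum thread): a toy model of what each scan
# type can observe on a host. All host data and version numbers are constructed.
from dataclasses import dataclass, field


@dataclass
class Host:
    # Services reachable over the network: port -> banner string "Product/version"
    listening: dict = field(default_factory=dict)
    # Software visible only after authenticating: product -> installed version
    installed: dict = field(default_factory=dict)


# Constructed "patch baseline": product -> minimum version considered patched.
# These are fictional products and versions, not real advisories.
BASELINE = {
    "ExampleHTTPd": "2.4.0",
    "ExampleJavaRuntime": "8.0.400",
    "ExamplePDFReader": "23.1.0",
}


def parse_version(v):
    """Turn '8.0.300' into (8, 0, 300) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def is_outdated(name, version):
    minimum = BASELINE.get(name)
    return minimum is not None and parse_version(version) < parse_version(minimum)


def uncredentialed_scan(host):
    """Network-only view: infer product and version from each reachable banner."""
    findings = []
    for port, banner in host.listening.items():
        name, _, version = banner.partition("/")
        if is_outdated(name, version):
            findings.append((name, version, f"tcp/{port}"))
    return findings


def credentialed_scan(host):
    """Authenticated view: every installed product, whether or not it listens."""
    findings = uncredentialed_scan(host)  # the network-visible findings still apply
    seen = {name for name, _, _ in findings}
    for name, version in host.installed.items():
        if name not in seen and is_outdated(name, version):
            findings.append((name, version, "local inventory"))
    return findings


def missed_by_uncredentialed(host):
    """Products that only the credentialed scan flags on this host."""
    network_visible = {name for name, _, _ in uncredentialed_scan(host)}
    return sorted(name for name, _, _ in credentialed_scan(host)
                  if name not in network_visible)


# Constructed workstation: one outdated web server exposed on a port, plus two
# outdated client-side applications that open no listening socket at all.
WORKSTATION = Host(
    listening={80: "ExampleHTTPd/2.2.0"},
    installed={
        "ExampleHTTPd": "2.2.0",
        "ExampleJavaRuntime": "8.0.300",  # no listening port
        "ExamplePDFReader": "22.0.0",     # no listening port
    },
)

if __name__ == "__main__":
    print("uncredentialed:", uncredentialed_scan(WORKSTATION))
    print("credentialed:  ", credentialed_scan(WORKSTATION))
    print("missed without credentials:", missed_by_uncredentialed(WORKSTATION))
```

The exposed web server is caught either way because its banner carries a version, which is the case the later "Apache on Windows" post describes; the two client-side applications only surface once the scanner can read the host's installed-software inventory.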
B. Critical infrastructure vulnerabilities on non-IP protocols. Assuming that "non-IP protocols" means a system or application that isn't exposed on the network. An uncredentialed scan will not be able to see or scan any system or application that isn't exposed on the network, while a credentialed scan can. D is completely wrong. It's very common to have internet-exposed third-party applications installed and running on Windows machines. So vulnerability scanners will be able to scan them and find unpatched vulnerabilities. One real-world example: the Apache web server running on a Windows server. An uncredentialed vulnerability scan would be able to scan Apache and find unpatched vulnerabilities. D is wrong.
That's the way I saw it too. Non-IP protocols would not be seen with an uncredentialed scan because they reside internally, meaning you need internal access (internal account with UN and PW) to see these IP protocols.
This question is somewhat similar to question #387. The answer for #387 was that 3rd-party applications are not being patched and therefore that's the reason for the vulnerability scanner going off, flagging lots of hosts.
Non-IP protocols would not be seen with an uncredentialed scan because they reside internally, meaning you need internal access (internal account with UN and PW) to see these IP protocols.
Answer B. https://docs.tenable.com/nessus-agent/Content/TraditionalScansUncredentialed.htm
Traditional Active Scans (Non-credentialed) Limitations:
Can be disruptive; that is, can sometimes have a negative effect on the network, device, or application you are testing.
Misses client-side vulnerabilities such as detailed patch information. ---->
Can miss transient devices that are not always connected to the network.
I was on the fence initially but here are two examples why it's D. See below. https://xoslab.com/what-is-the-primary-difference-between-credentialed-and-non-credentialed-scans-2/ Question 13 states: Q13: Can non-credentialed scans identify missing patches? A13: Yes, non-credentialed scans can identify missing patches by comparing the software versions against known vulnerabilities. https://subscription.packtpub.com/book/cloud-and-networking/9781789348019/8/ch08lvl1sec90/credentialed-v-non-credentialed-scans If I had to guess I'd say that B is for credentialed scans, or there could be two right answers here.
Uncredentialed scans should still be able to view software versions for 3rd-party software, no? I am not sure that D is the answer.