A cybersecurity analyst for a large financial institution is planning the quarterly network vulnerability scan. The institution's core banking system is a critical, 24/7 operation with high transaction volumes at all hours. While the scan is mandated for regulatory compliance, the analyst must minimize operational risk. Which of the following is the MOST important factor when scheduling the scan?
The release schedule of upcoming security patches
The local time zone of the analyst performing the scan
The regulatory deadline for submitting the scan report
The most critical factor when scheduling a vulnerability scan on a high-availability, critical system is the potential for performance degradation. Active scans consume resources like CPU, memory, and network bandwidth, which can slow down or even disrupt services. For a financial institution, any interruption to a core banking system can have significant financial and reputational consequences. Therefore, scheduling scans during the lowest possible usage periods, even if traffic is always high, is the primary consideration. While regulatory deadlines dictate the frequency (e.g., quarterly) and patching schedules influence when remediation occurs, the immediate timing of the scan must prioritize the stability of critical operations. The analyst's location is a logistical point that is secondary to the operational risk of the system being scanned.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why do vulnerability scans impact system performance?
Open an interactive chat with Bash
How can an analyst identify the lowest usage periods for a system?
Open an interactive chat with Bash
What is the difference between regulatory compliance and operational risk in scanning?