A cybersecurity analyst has been tasked to perform a vulnerability assessment for a company with the requirement that it should mimic the perspective of an external attacker. The company hosts a web application that is accessible to the public. Which of the following methods is BEST suited to meet the stated requirement and yield the most relevant results?
Running an active internal scan with agentless in-depth checks on all devices.
Performing an uncredentialed external scan of the web facing application.
Conducting a credentialed scan from within the organization’s network.
Executing a passive internal scan using network sniffing tools.
Performing an uncredentialed external scan of the web-facing application is the most suitable option for mimicking the perspective of an external attacker. Credentialed scans are typically used for internal assessments: they log in to hosts or applications with authenticated access and give deeper insight, but that is visibility an outside attacker does not have. Internal scans, whether active or passive (network sniffing), are run from inside the perimeter and likewise assume a foothold the attacker lacks. An external scan is conducted from outside the organization's network perimeter, against only what is publicly exposed and without credentials, which best replicates how an external attacker would attempt to discover vulnerabilities in the public web application. The trade-off is that such a scan finds fewer issues than a credentialed one; it is chosen here because its findings are the ones most relevant to the stated requirement, not because it is the most thorough.
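To make the distinction concrete, the following is an added example (it is not part of the original question or its source) of the kind of observation an uncredentialed external scan works from: nothing but what the web server returns to an anonymous client. The code parses a raw HTTP response and flags what an attacker learns without any credentials (version banners, missing browser protections, weak cookie flags). Both sample responses are constructed for this illustration.

```python
"""Illustration of an uncredentialed, external-perspective check.

An external, uncredentialed scanner sees only what the public web
application reveals to an anonymous client. This example parses a raw
HTTP response and reports findings an attacker could collect without
logging in. Sample responses below are constructed, not captured.
"""
from typing import Dict, List

# Constructed sample: a weakly configured server answering an anonymous GET /.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed sample: the same application after hardening its responses.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: session=xyz; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Headers an unauthenticated client is entitled to expect on a public web app.
EXPECTED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
)


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split a raw HTTP response into a lower-cased header name -> values map."""
    head, _, _body = raw.partition("\r\n\r\n")
    header_lines = head.split("\r\n")[1:]  # drop the status line
    headers: Dict[str, List[str]] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def external_findings(raw: str) -> List[str]:
    """Return the observations an anonymous external client can make."""
    headers = parse_headers(raw)
    findings: List[str] = []

    # Banners that include a version number hand the attacker a CVE lookup key.
    for banner in ("server", "x-powered-by"):
        for value in headers.get(banner, []):
            if any(ch.isdigit() for ch in value):
                findings.append(f"version disclosure in {banner}: {value}")

    # Protections the server should set for every client, authenticated or not.
    for required in EXPECTED_HEADERS:
        if required not in headers:
            findings.append(f"missing header: {required}")

    # Session cookies issued to anonymous clients without Secure/HttpOnly.
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        flags = {part.strip().lower() for part in cookie.split(";")[1:]}
        if "secure" not in flags:
            findings.append(f"cookie without Secure flag: {name}")
        if "httponly" not in flags:
            findings.append(f"cookie without HttpOnly flag: {name}")

    return findings


if __name__ == "__main__":
    for label, raw in (("weak", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {external_findings(raw)}")
```

Everything this check reports is derived from a single unauthenticated response, which is exactly the attacker's vantage point the question asks for; a credentialed scan of the same host would also see patch levels, local configuration and code behind the login, none of which an external attacker can observe.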