A cybersecurity analyst is tasked with performing an initial vulnerability assessment of a newly acquired company's external-facing infrastructure. The goal is to obtain a quick, unauthenticated overview of potential vulnerabilities on their web servers, mail servers, and VPN endpoints. Which scanning approach should the analyst use to BEST simulate an opportunistic external attacker and achieve this goal?
A passive scan of network traffic from the perimeter firewall.
A dynamic analysis and fuzzing scan of the primary web application.
An external, non-credentialed, active scan.
An internal, credentialed scan using agent-based software.
An external, non-credentialed, active scan is the best approach. The 'external' aspect ensures the scan is performed from the internet, simulating an outside attacker. 'Non-credentialed' means the scan is run without any special user privileges, mimicking an attacker who has no prior access. 'Active' scanning involves sending probes to the target systems to elicit responses and identify vulnerabilities, which is necessary for a comprehensive assessment of the specified servers and endpoints.
An internal, credentialed, agent-based scan is incorrect because it is performed from inside the network with full privileges, which is the opposite of the stated goal. A passive scan is less suitable because it only observes traffic and would not actively probe the various endpoints to find a full range of vulnerabilities. A dynamic analysis and fuzzing scan is too narrow, as it focuses specifically on a web application, whereas the requirement is to assess multiple types of external infrastructure.