A financial services company is planning to conduct a vulnerability scan on its network. The company is bound by strict regulatory requirements that limit the times during which intensive network scanning can be performed. Additionally, they need to minimize performance impact on their operational systems during business hours. What is the most appropriate approach for scheduling the scan?
Run the scan continuously throughout the day to cover both peak and off-peak traffic.
Delegate the scan times to an automated system, without regard for specific regulatory requirements.
Perform the scan during off-peak hours to comply with regulatory requirements and to minimize impact.
Schedule the scan during peak business hours to ensure it captures real-time traffic patterns.
Scheduling vulnerability scans during off-peak hours is the best approach as it directly addresses the two main constraints mentioned in the scenario: regulatory requirements and performance impact. Conducting resource-intensive scans during periods of low system usage ensures compliance with time-based regulatory rules and minimizes interference with critical business operations. Scanning during peak business hours would likely disrupt operations and may not be compliant with regulations. Running an intensive scan continuously would likely cause persistent performance degradation. Ignoring regulatory requirements when scheduling is not a viable or compliant option for a financial services company.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are vulnerability scans, and why are they important?
Open an interactive chat with Bash
What are off-peak hours, and why are they chosen for scans?
Open an interactive chat with Bash
What regulatory requirements might impact vulnerability scan scheduling?