A security analyst is preparing to run a credentialed vulnerability scan on a production server that is protected by an Intrusion Prevention System (IPS). The analyst wants to get the most accurate results possible without interference from the IPS. Which of the following is the most appropriate action to take?
Run the scan in non-credentialed mode to avoid triggering IPS alerts.
Perform the scan during off-peak hours so the IPS is less likely to be triggered.
Whitelist the scanner's IP address in the IPS to allow the scan to run unimpeded.
Disable the IPS completely during the scanning window.
The correct answer is to whitelist the scanner's IP address. This is the standard best practice as it allows the vulnerability scanner to perform a full and accurate assessment without being blocked, while the IPS remains active to protect the network from all other traffic sources. Disabling the IPS entirely would unnecessarily expose the network to real threats during the scan. Performing the scan during off-peak hours is a good practice for managing network load but does not prevent the IPS from blocking scan traffic. Running a non-credentialed scan would provide less accurate results and would likely still be blocked by the IPS.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is whitelisting the scanner's IP address preferred over other options?
Open an interactive chat with Bash
What is the role of credentialed scans in vulnerability assessments?
Open an interactive chat with Bash
How does an IPS interfere with vulnerability scanning?