A security analyst is preparing to run a credentialed vulnerability scan on a production server that is protected by an Intrusion Prevention System (IPS). The analyst wants to get the most accurate results possible without interference from the IPS. Which of the following is the most appropriate action to take?
Disable the IPS completely during the scanning window.
Perform the scan during off-peak hours so the IPS is less likely to be triggered.
Run the scan in non-credentialed mode to avoid triggering IPS alerts.
Whitelist the scanner's IP address in the IPS to allow the scan to run unimpeded.
The correct answer is to whitelist the scanner's IP address. This is the standard best practice as it allows the vulnerability scanner to perform a full and accurate assessment without being blocked, while the IPS remains active to protect the network from all other traffic sources. Disabling the IPS entirely would unnecessarily expose the network to real threats during the scan. Performing the scan during off-peak hours is a good practice for managing network load but does not prevent the IPS from blocking scan traffic. Running a non-credentialed scan would provide less accurate results and would likely still be blocked by the IPS.