ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During a compliance assessment of a cloud-hosted payroll system, you must verify that patch-management controls are effective. You plan to run an authenticated vulnerability scan against the production servers. Which preparatory action will best ensure accurate results and minimize false positives?
Restrict the scan to the scanner's default TCP port list to minimize its network footprint.
Temporarily disable host-based intrusion prevention or firewalls on all servers before starting the scan.
Schedule the scan during normal production traffic to observe realistic network conditions.
Provide the scanner with read-only privileged credentials for each server so it can log in during the scan.
Providing the scanner with read-only privileged credentials is the most effective way to improve scan accuracy and reduce false positives. With valid credentials, the scanner can log into each host, enumerate installed patches, and directly compare software versions with current vulnerability data, avoiding the guesswork and banner-based assumptions that often lead to misidentified findings.
Running the scan during peak production hours can introduce performance issues and noisy results. Temporarily disabling host-based intrusion-prevention or firewall services may prevent them from blocking probes, but it also increases risk and is unnecessary if the scanner's address can simply be whitelisted; moreover, it does not by itself address false positives caused by lack of internal visibility. Restricting the scan to a limited default port list reduces coverage and can miss services on non-standard ports, increasing the chance of undiscovered vulnerabilities.
Assessment/Audit of Security and Privacy Controls