A penetration tester is tasked with performing a comprehensive vulnerability assessment on a fleet of production servers. A recent security audit raised concerns about potential rootkits and insecure file permissions that might be missed by network-level scanning. The tester has been granted administrator-level access to each server. To address the audit's findings, which of the following scanning approaches should the tester use?
An authenticated host-based scan uses administrator-level credentials to log in to a system and perform a deep inspection of its internal state. This approach is necessary to discover vulnerabilities like rootkits (hidden processes) and insecure file permissions, which are not visible to external or unauthenticated scans. Unauthenticated network scans only assess the system from an external perspective, network traffic analysis inspects data in transit, and a firewall rule-base review assesses network access controls; none of these methods can see the internal configuration of the host.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an authenticated host-based scan?
Open an interactive chat with Bash
Why are rootkits difficult to detect without an authenticated scan?
Open an interactive chat with Bash
How does an authenticated scan differ from a network traffic analysis?