During an internal penetration test, you must evaluate a segmented network that requires users to authenticate before they can access any file shares or internal web applications. Which type of vulnerability scan will BEST identify weaknesses that are only exposed after a user successfully logs in and receives the associated privileges?
Gather passive DNS and WHOIS information about the organization's domain
Run an unauthenticated external vulnerability scan from the network perimeter
Conduct a stealth TCP SYN port scan against all hosts in the segment
Perform an authenticated vulnerability scan using a standard (least-privilege) user account
An authenticated (credentialed) vulnerability scan logs in with valid credentials and therefore executes its checks in the context of that account's privileges. This allows the scanner to detect missing patches, insecure configuration settings, or authorization faults that are invisible to an unauthenticated or purely network-level scan. Unauthenticated external scans, port sweeps, and passive reconnaissance each reveal only what is visible without legitimate access and will miss flaws tied specifically to logged-in user permissions.