Your coworker is out sick due to an illness. In his absence you have received the results of a vulnerability scan he ordered from an external provider. Unfortunately your coworker did not give you any information on what type of scan was conducted or what methods were used. The results show that 3 injection vulnerabilities were identified but are only possible when attempted from an authenticated user account. Based on the information you have, what type of vulnerability scan was most likely completed?

  • Non-intrusive
  • Credentialed
  • Gray box
  • Intrusive

CompTIA Security+ SY0-601
  • Attacks, Threats, and Vulnerabilities
    • This question is filed here
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk, and Compliance