A security administrator has established a secure baseline for all company servers. To ensure the ongoing security of these systems against new threats and unintentional misconfigurations from software updates, which of the following practices is most effective?
Periodic vulnerability scanning is the most effective practice for continuously monitoring systems against a known baseline and identifying new vulnerabilities or misconfigurations that may arise from changes like software updates. While establishing a secure baseline is the essential first step, it is a point-in-time configuration that must be regularly verified. A one-time penetration test also provides a snapshot analysis but does not account for ongoing system changes. Log aggregation is critical for detecting and responding to security events as they occur but is less effective at proactively identifying underlying vulnerabilities before an exploit is attempted.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some common types of vulnerabilities that periodic scanning can detect?
Open an interactive chat with Bash
How often should organizations perform vulnerability scans?
Open an interactive chat with Bash
What tools are commonly used for vulnerability scanning?