Your coworker is out sick due to an illness. In his absence you have received the results of a vulnerability scan he ordered from an external provider. Unfortunately your coworker did not give you any information on what type of scan was conducted or what methods were used. The results show that 3 injection vulnerabilities were identified but are only possible when attempted from an authenticated user account. Based on the information you have, what type of vulnerability scan was most likely completed?
A credentialed vulnerability scan was done. While the other answers could also be correct (e.g. it could have been an intrusive and credentialed scan) but with the information given in the question you could not know this. When a credentialed scan is used the scanner has valid user credentials while in a non-credentialed attack they do not.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a credentialed vulnerability scan?
Open an interactive chat with Bash
What are injection vulnerabilities?
Open an interactive chat with Bash
How does a non-credentialed scan differ from a credentialed scan?