Exam CAS-004 topic 1 question 249 discussion

C. Unauthenticated scanning would be the BEST option for the customer's needs. Unauthenticated scanning is fast, signature-based, and has a low impact on servers when performing a scan. It also has the least false positives possible when compared to authenticated scanning, which requires credentials to be entered to perform deeper scans. Additionally, unauthenticated scanning can be used across subnets, VLANs, and branch offices since it doesn't require a connection to the network devices to perform the scan .

Agent-based compared to Unauthenticated in regards to the requirements: the need for accuracy and minimizing false positives would outweigh the slightly higher impact on the server. P1s3c mentions that unauthenticated scanning may produce more false positives. If the question stated "the lowest impact on servers" then I would have gone with C. Although, in this case, it seems to prioritize the "least false positives possible". Agent-based has the least false positives

Passive Scanning is the best choice. Here's the breakdown of why Passive Scanning is the best choice for the given requirements: Fast scanning: Passive scanning doesn't actively probe the systems. Instead, it listens to network traffic to detect vulnerabilities. Least false positives: Passive scanning has a lower likelihood of generating false positives because it analyzes existing network traffic, which can be more accurate in detecting actual vulnerabilities compared to active scanning methods that may trigger security measures. Signature-based: Passive scanners often use signature-based detection to match patterns of known vulnerabilities and exploits within the network traffic. Low impact on servers: Since passive scanning doesn't initiate any scans or actively interact with the servers, it has minimal impact on server performance. Screened subnets, VLANs, and branch offices: Passive scanning can be ideal in complex network environments with multiple subnets and remote offices, as it doesn't require direct access to each network segment.

Passive scanning is a technique where the system monitors network traffic and identifies vulnerabilities without actively probing or scanning the network. This method has low impact on servers, avoids false positives to a large extent (as it doesn’t rely on active probes that can sometimes misidentify issues), and is fast since it doesn’t require interacting with systems in a way that might slow them down. It also aligns well with environments that have screened subnets, VLANs, and branch offices, as passive scanners can listen to traffic from various network segments without direct interaction.

Fast scanning: Agent-based scanners can perform scans quickly because they are installed directly on the endpoints and can operate continuously in the background. Least false positives: Agents have direct access to the systems they are monitoring, which can help reduce false positives compared to network-based scanning methods. Signature-based: Agent-based solutions often include signature-based detection capabilities to identify known vulnerabilities. Low impact on servers: Because agents operate locally, they typically have a lower impact on network bandwidth and can be configured to use minimal system resources during scans.

Ultimately, the choice between unauthenticated scanning, agent-based scanning, or other methods depends on the specific requirements, constraints, and priorities of the organization. If minimizing the impact on servers is a critical factor, agent-based scanning could be a suitable option.

Given the specific requirements of fast scanning, the least false positives, signature-based, and low impact on servers, the more appropriate choice is: D. Agent-based scanning Agent-based solutions often provide accurate results with fewer false positives, as they have direct access to system information and can tailor scans based on the specifics of each system. Source:ChatGPT

To meet the customer's requirements for fast scanning, minimal false positives, signature-based scanning, and low impact on servers, the best choice would be authenticated scanning. Here's why authenticated scanning aligns with the specified requirements: Fast Scanning: Authenticated scanning typically tends to be faster because it has access to the target systems and can collect detailed information more efficiently. Least False Positives: Authenticated scanning can provide accurate and detailed information about the target systems, reducing false positives compared to unauthenticated scans. Signature-Based: Authenticated scanning can use signatures and authenticated checks to identify vulnerabilities, making it signature-based. Low Impact on Servers: Since authenticated scans have access to the target systems, they can gather data in a less intrusive manner, resulting in a lower impact on servers compared to some unauthenticated scans.

Agent-based scanning. "Agent-based scanning is suitable for organizations with a geographically diverse workforce, particularly if the organization includes remote workers." Agent-based scanning runs on the device and doesn't connect back to a server. Agent-based scanning is on the device and requires credentials, so it is more accurate that unauthenticated scanning. Source: https://www.beyondsecurity.com/blog/agent-based-vs-agent-less-scanning

Unauthenticated Scanning: Unauthenticated scanning involves scanning a network or system without using specific credentials or authentication. It's typically faster because it doesn't require the scanner to log in or provide credentials, and it's signature-based, which means it uses known patterns or signatures to identify vulnerabilities. It's also less likely to generate false positives since it's scanning from an external perspective. This type of scanning is suitable for quickly assessing the security posture of servers and systems in diverse network environments, including screened subnets, VLANs, and branch offices.

D. Agent-based scanning Agent-based scanning involves installing lightweight software agents on the target systems to be scanned. These agents collect data and perform scans locally, which reduces the impact on servers during scanning. They can also provide more accurate results since they interact directly with the local environment and applications.

Option C: Unauthenticated scanning would be the BEST solution for the customer's needs. It is a fast, signature-based scanning technique that requires no credentials to perform a scan. Since it does not require any credentials, it is a low-impact scanning method on servers, which meets the requirement. However, unauthenticated scanning may produce more false positives than authenticated scanning. It is best suited for external vulnerability scanning and would be useful in identifying vulnerabilities in screened subnets, VLANs, and branch offices.

Unauthenticated scanning is fast, has a lower impact on servers, and generates fewer false positives

Agree with agent-based with less impacts on the server