Exam CV0-003 topic 1 question 95 discussion

Actual exam question from CompTIA's CV0-003
Question #: 95
Topic #: 1

A cloud security analyst is implementing a vulnerability scan of the web server in the DMZ, which is running in an IaaS compute instance. The default inbound firewall settings are as follows:

Which of the following will provide the analyst with the MOST accurate report?

  • A. An agent-based scan
  • B. A network vulnerability scan
  • C. A default and common credentialed scan
  • D. A network credentialed vulnerability scan
Suggested Answer: D

Comments

Jay987654
9 months, 2 weeks ago
Selected Answer: D
The analyst should use Option D: A network credentialed vulnerability scan. A network credentialed vulnerability scan provides the most accurate report because it uses valid credentials to log in to the scanned systems and gather detailed information about the operating system and installed software, including configuration issues and missing security patches. This type of scan can identify vulnerabilities that may not be visible during an unauthenticated scan.
upvoted 3 times
Jhonattan0032
9 months, 3 weeks ago
Selected Answer: D
D. A network credentialed vulnerability scan. This option allows the vulnerability scanner to perform an authenticated scan of the server.
upvoted 3 times
Pongsathorn
1 year, 1 month ago
Selected Answer: B
For performing a vulnerability scan on the web server in the DMZ running in an IaaS compute instance with the provided firewall settings, the most appropriate choice is **B. A network vulnerability scan**. Here's why:

- **Agent-based scan (A)** typically involves installing an agent on the target system. In this case, since you're dealing with a DMZ web server in an IaaS compute instance, it may not be feasible to install an agent directly on the instance, especially if it's externally facing. Additionally, agent-based scans are more commonly used for endpoints and servers within your organization's network.
upvoted 3 times
Pongsathorn
1 year, 1 month ago
- **Network vulnerability scan (B)** is the best choice for this scenario. Network vulnerability scanning tools, like Nessus or OpenVAS, can scan the target system over the network without requiring an agent. Given the provided firewall settings, the web server allows traffic on ports 80 (HTTP), 443 (HTTPS), and ICMP echo requests. Network vulnerability scanners can assess the vulnerabilities of the web server based on these open ports and the services running behind them.

- **Default and common credentialed scan (C)** usually involves using default or common credentials to check for vulnerabilities on the target system. This might not be suitable for an externally facing web server, as it could be a security risk to use credentials that are not specifically configured for this purpose.
upvoted 1 times
Pongsathorn
1 year, 1 month ago
- **Network credentialed vulnerability scan (D)** typically implies using credentials to authenticate with the target system and perform a vulnerability scan. While this can provide more in-depth results, it may not be suitable for an externally facing web server in a DMZ due to security concerns. Moreover, the provided firewall settings might not allow the necessary ports and protocols for credential-based scans.

In summary, a network vulnerability scan is the most accurate and appropriate choice for assessing the security of the web server in the DMZ with the given firewall settings.
upvoted 2 times