Exam SY0-501 topic 1 question 765 discussion

Actual exam question from CompTIA's SY0-501
Question #: 765
Topic #: 1

A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker would. Which of the following would BEST enable the analyst to complete the objective?

  • A. Perform a non-credentialed scan.
  • B. Conduct an intrusive scan.
  • C. Attempt escalation of privilege.
  • D. Execute a credentialed scan.
Suggested Answer: A

Comments

Meme_meme
Highly Voted 4 years, 9 months ago
The provided answer is correct. Non-credentialed: A non-credentialed scan will monitor the network and see any vulnerabilities that an attacker would easily find; we should fix the vulnerabilities found with a non-credentialed scan first, as this is what the hacker will see when they enter your network. For example, an administrator runs a non-credentialed scan on the network and finds that there are three missing patches. The scan does not provide many details on these missing patches. The administrator installs the missing patches to keep the systems up to date as they can only operate on the information produced for them. Credentialed scan: A credentialed scan is a much safer version of the vulnerability scanner. It provides more detailed information than a non-credentialed scan. You can also set up the auditing of files and user permissions.
upvoted 13 times
Poker69
Most Recent 4 years, 2 months ago
the correct answer is D, non-credentialed scans will vulnerabilities for sure
upvoted 2 times
Waffa
4 years, 9 months ago
Why not B?
upvoted 1 times
Biz90
4 years, 9 months ago
I believe the answer is not B (someone with more experience will tell me if I am right or wrong) as depending on the logical and physical sec set up of the net. An intrusive scan is very intensive meaning to a well protected network it is obvious and can be mitigated against. Whereas a non-credentialized scan is like in 'the background' it is not obvious to the network that the scan is being conducted.
upvoted 1 times
ekinzaghi
3 years, 10 months ago
The given answer is correct (non-credentialed scan). The key here is "way an attacker would". In a typical hacking scenario the attacker won't be using any major credentials to log in to the system in order to carry out a vulnerability test. So if you do something similar to the hacker or attacker, you are likely not to use any credentials.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other