In determining when it may be necessary to perform a credentialed scan against a system instead of a non-credentialed scan, which of the following requirements is MOST likely to influence this decision?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
When conducting a vulnerability scan, the question of whether to perform a credentialed or non-credentialed scan arises. A non-credentialed scan is a scan where the scanner does not have access to login credentials and only relies on network protocols to discover vulnerabilities. In contrast, a credentialed scan is a scan where the scanner has login credentials for the system being scanned and can access the system to identify vulnerabilities that can't be detected during a non-credentialed scan.
Out of the given requirements, the option that is MOST likely to influence the decision of whether to perform a credentialed scan or not is D. The scanner must be able to audit file system permissions.
File system permissions are a vital part of securing a system, and it can only be audited by performing a credentialed scan. A non-credentialed scan would not have sufficient privileges to access the file system permissions. If file system permissions are not audited, there is a high likelihood that a system could be compromised, and an attacker could gain unauthorized access.
The other options, A, B, and C, are requirements that can be satisfied by both a credentialed and non-credentialed scan. For example, both types of scans can determine the host OS of devices scanned, footprint the network, and check for open ports with listening services. However, file system permissions can only be audited by performing a credentialed scan.