A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of the following types of scans MOST likely caused the outage?
The key here is vulnerability scanning caused a crash. Credentialed scans are using privileged commands on the host and do not require brute force that can take down the network.
Correct C
A credentialed scan is given a user account with logon rights to various hosts, plus whatever other permissions are appropriate for the testing routines. This sort of test allows much more in-depth analysis, especially in detecting when applications or security settings may be misconfigured. It also shows what an insider attack, or one where the attacker has compromised a user account, may be able to achieve. A credentialed scan is a more intrusive type of scan than non-credentialed scanning.
Basics
A traditional active non-credentialed scan, also known as an unauthenticated scan, is a common method for assessing the security of systems without system privileges. Non-credentialed scans enumerate ports, protocols, and services that are exposed on a host and identify vulnerabilities and misconfigurations that could allow an attacker to compromise your network.
Benefits
Ideal for large-scale assessments in traditional enterprise environments.
Discovers vulnerabilities that an outside attacker can use to compromise your network (provides a malicious adversary's point of view).
Runs network-based plugins that an agent is restricted from performing.
Can perform targeted operations like the brute-forcing of credentials.
Limitations
Can be disruptive; that is, can sometimes have a negative effect on the network, device, or application being tested.
Misses client-side vulnerabilities such as detailed patch information.
Can miss transient devices that are not always connected to the network.
This admin is new, so he would use a non-credentialed scan. By using this scan, the admin had deeper inspection; by going there and using an intrusive scan he found a vulnerability, and that is when that scan caused the system outage.
I would go with answer D. I originally thought C but after reading this article.
https://www.sikich.com/insight/why-you-should-perform-credentialed-scanning/
An intrusive scan risks impacting your network (slow traffic / crash / etc), and a non-credentialed scan passes far more traffic than a credentialed scan (again, causing higher impact). So, I believe the answer 'D' is correct.
The correct answer should be C. Intrusive credentialed scan. First of all it must be an intrusive scan since the scan caused an outage:
...Non-intrusive scans are set to provide a cursory look at a system, preventing the scanner from affecting performance of the system being scanned. An intrusive scan, on the other hand, performs in-depth checking on potential vulnerabilities and in some cases can cause a system to crash or reboot, affecting availability for its users. ... (Mike Meyers’ CompTIA Security+ p. 495)
The scan is also a credentialed scan because a "security administrator" is running it with his/her admin credentials:
... Security administrators often run credentialed scans with the privileges of an administrator account. This allows the scan to check security issues at a much deeper level than a non-credentialed scan. ... (Darril Gibson’s Get Certified Get Ahead p. 574)
I'd go with D. Non-credentialed: A non-credentialed scan will monitor the network and see any vulnerabilities that an attacker would easily find; we should fix the vulnerabilities found with a non-credentialed scan first, as this is what the hacker will see when they enter your network. For example, an administrator runs a non-credentialed scan on the network and finds that there are three missing patches. The scan does not provide many details on these missing patches. The administrator installs the missing patches to keep the systems up to date as they can only operate on the information produced for them.
Credentialed scan: A credentialed scan is a much safer version of the vulnerability scanner. It provides more detailed information than a non-credentialed scan. You can also set up the auditing of files and user permissions.
This philosophy believes that a system needs to be penetrated to prove that the system is, in fact, vulnerable. The intrusive non-credential scanning method is usually based on attacking a system in the exact way a malicious hacker would.