Which of the following should the tester have done?

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client’s internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope are not included in the vulnerability scan results.

Which of the following should the tester have done?
A . Rechecked the scanner configuration.
B . Performed a discovery scan.
C . Used a different scan engine.
D . Configured all the TCP ports on the scan.

View Answer

Answer: B

Explanation:

When the client indicates that the scope’s hosts and assets are not included in the vulnerability scan results, it suggests that the tester may have missed discovering all the devices in the scope.

Here’s the best course of action:

Performing a Discovery Scan:

Purpose: A discovery scan identifies all active devices on the network before running a detailed vulnerability scan. It ensures that all in-scope devices are included in the assessment.

Process: The discovery scan uses techniques like ping sweeps, ARP scans, and port scans to identify active hosts and services.

Comparison with Other Actions:

Rechecking the Scanner Configuration (A): Useful but not as comprehensive as ensuring all hosts are discovered.

Using a Different Scan Engine (C): Not necessary if the issue is with host discovery rather than the scanner’s capability.

Configuring All TCP Ports on the Scan (D): Helps in detailed scanning but does not address missing hosts.

Performing a discovery scan ensures that all in-scope devices are identified and included in the vulnerability assessment, making it the best course of action.