What is required for a penetration tester to conduct a comprehensive authenticated scan against a Linux host?
- user credentials with root-level access to the target system
- system user credentials
- physical on-premises access to the target system
- unauthenticated scans are a form of passive reconnaissance that return little useful information.
- backdoor access to the target system
|
Explanation & Hint: When conducting an authenticated scan against a target, many of the commands that the scanner runs require root-level access to gather the correct and most complete information from the system; system user credentials would only provide access to resources for which that user has privilege. An authenticated scan against a target does not have to be conducted on-premises; remote SSH access is typically used.
|