What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test?
- Vulnerability of services running inside the target may not be detected.
- The scanner will report the port as open whether or not the service on that network segment is listening or not.
- Unauthenticated scans are more likely to provide a lower rate of false positives than authenticated scans.
- Unauthenticated scans are a form of passive reconnaissance that return little useful information.
|
Explanation & Hint: If the service is not listening on that network segment, or if it is firewalled, an unauthenticated scan will report the port as closed and move on, which means vulnerabilities may be missed.
|