A security analyst is conducting a vulnerability scan of a web application. The scan identifies several vulnerabilities, but the analyst wants to minimize false positives. Which type of vulnerability scan would be most appropriate?
Authenticated scans use credentials to access the application, providing a more accurate assessment and fewer false positives.
Why this answer
An authenticated scan logs into the target system with valid credentials, so the scanner can read configuration details and installed patch levels directly rather than inferring them. This reduces false positives because the scanner can distinguish vulnerabilities that are actually present from ones that only appear present due to incomplete visibility, such as a patch that is applied but whose presence an unauthenticated scanner cannot confirm.
Exam trap
The trap here is that candidates often assume an unauthenticated scan is more thorough because it tests from an attacker's perspective. What they miss is that only an authenticated scan has the internal visibility to verify actual patch levels and configurations, and that verification is what eliminates false positives.
How to eliminate wrong answers
Option A is wrong because an external scan is performed from outside the network boundary and typically lacks internal context, leading to a higher rate of false positives due to incomplete visibility of internal services and configurations.
Option B is wrong because a passive scan only monitors network traffic without actively probing systems, so it cannot verify the presence of vulnerabilities and often generates false positives from observed but unconfirmed behaviors.
Option D is wrong because an unauthenticated scan does not use credentials, so it cannot access restricted areas of the application or system, resulting in many false positives from assumptions about missing patches or misconfigurations that may not actually exist.