Vulnerability scanning proactively identifies security weaknesses in network devices, servers, and applications before attackers can exploit them. CompTIA Network+ N10-009 tests vulnerability scanning concepts including scan types (authenticated vs unauthenticated), common tools, CVE/CVSS, and the difference between vulnerability scanning and penetration testing.
Unauthenticated (non-credentialed) scan: the scanner connects to targets without login credentials — simulates what an external attacker sees. Identifies open ports, service versions, and externally visible vulnerabilities. Limited visibility — misses many internal vulnerabilities that require login access.
Authenticated (credentialed) scan: the scanner logs into target systems with administrative credentials and inspects internal configuration, installed software versions, patch status, and registry settings. More comprehensive than unauthenticated scans — finds vulnerabilities that require local access. Results may have fewer false positives.
Agent-based scanning: a lightweight agent installed on each device collects vulnerability data locally and reports to the central scanner. Works even when devices are offline or behind firewalls. Continuous scanning rather than periodic scheduled scans.
Nessus: industry-leading commercial vulnerability scanner (Tenable). Large plugin database — identifies thousands of vulnerabilities across operating systems, applications, and network devices. OpenVAS: open-source vulnerability scanner (Greenbone). Qualys: cloud-based SaaS vulnerability management. Rapid7 InsightVM/Nexpose: enterprise vulnerability management.
CVE (Common Vulnerabilities and Exposures): the public vulnerability database. Each vulnerability gets a unique CVE ID (CVE-YYYY-NNNNN). Scanners check targets against CVE database entries. CVSS (Common Vulnerability Scoring System) assigns severity scores (0–10). Scanners use CVSS to prioritize remediation — address Critical (9–10) and High (7–8.9) first.
Penetration testing vs vulnerability scanning: vulnerability scanning identifies and reports weaknesses without exploiting them. Penetration testing (ethical hacking) actively attempts to exploit vulnerabilities to prove they are real risks. Pen testing requires explicit written authorization.
Common misconception: Vulnerability scanning is the same as penetration testing.
Reality: Vulnerability scanning is automated identification of known weaknesses — it does not exploit them. Penetration testing is a deliberate, human-guided attempt to exploit vulnerabilities to prove real risk. Pen testing is more expensive, deeper, and requires explicit authorization.
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A security team runs a vulnerability scan and receives results showing 50 Critical and 200 High severity findings. Which should be addressed first?
Explanation: Critical vulnerabilities (CVSS 9.0–10.0) represent the highest risk — most likely to be exploited with the most severe impact. Remediation priority should follow CVSS score: Critical → High → Medium → Low. The number of vulnerabilities at each severity level doesn't change prioritization — one critical vulnerability may enable complete system compromise.
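As an added example (not part of the original page), the Python sketch below builds a remediation queue from constructed scan findings by CVSS score, as the explanation above describes. The Medium, Low and None bands come from the CVSS v3.x qualitative scale; the hosts, CVE IDs and function names are made up for illustration.

```python
import re
from collections import Counter

# CVSS v3.x qualitative bands as (lower bound, label); the page names the top two.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

def severity(score):
    """Map a CVSS base score (0.0-10.0) to its qualitative band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def triage(findings):
    """Return (queue, rejected): valid findings ordered by score, malformed ones set aside."""
    queue, rejected = [], []
    for host, cve, score in findings:
        try:
            if not CVE_ID.match(cve):
                raise ValueError(f"malformed CVE ID: {cve}")
            queue.append({"host": host, "cve": cve, "score": score, "severity": severity(score)})
        except (ValueError, TypeError) as err:
            rejected.append((host, cve, str(err)))
    # Highest score first; ties broken by host then CVE so the order is stable.
    queue.sort(key=lambda f: (-f["score"], f["host"], f["cve"]))
    return queue, rejected

def summary(queue):
    """Count findings per band, like the per-severity totals in a scan report."""
    return Counter(f["severity"] for f in queue)

# Constructed sample findings: hosts use documentation addresses and the
# CVE IDs are placeholders in the CVE-YYYY-NNNNN format, not real entries.
SAMPLE = [
    ("192.0.2.10", "CVE-2099-00001", 7.5),
    ("192.0.2.10", "CVE-2099-00002", 8.9),
    ("192.0.2.20", "CVE-2099-00003", 9.8),
    ("192.0.2.30", "CVE-2099-00004", 5.3),
    ("192.0.2.30", "CVE-2099-00005", 7.0),
    ("192.0.2.40", "CVE-2099-00006", 3.1),
    ("192.0.2.40", "2099-7", 9.0),            # malformed ID, set aside
    ("192.0.2.50", "CVE-2099-00008", 11.2),   # score out of range, set aside
]

if __name__ == "__main__":
    queue, rejected = triage(SAMPLE)
    print(dict(summary(queue)))
    for f in queue:
        print(f"{f['severity']:<8} {f['score']:>4} {f['host']:<12} {f['cve']}")
    for host, cve, reason in rejected:
        print(f"rejected {host} {cve}: {reason}")
```

The single Critical finding heads the queue even though the High findings outnumber it, and malformed records are reported separately instead of being silently dropped from the report.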
A port scanner (nmap) identifies open TCP/UDP ports on target systems — it tells you what services are listening. A vulnerability scanner identifies security weaknesses in those services — outdated versions, misconfigurations, missing patches, and known CVEs. A vulnerability scanner uses port scanning as a first step, then performs detailed fingerprinting and vulnerability checks on discovered services.