Explanation should include the following:
- Passively test security controls
- Identify vulnerability
- Identify lack of security controls
- Identify common misconfigurations
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- False positive
Process/Skill Questions:
- What ethical concerns are related to vulnerability scanning?
- What techniques are commonly used in vulnerability scanning?
- Why should users be allowed to configure workstation security?