Question

In Incident Response, which CompTIA category would you assign scanning?

Answer 1

Scanning in Incident Response is categorized under Vulnerability Management in CompTIA.

Step-by-step explanation:

In Incident Response, scanning falls under the CompTIA category of Vulnerability Management. Scanning refers to the process of examining a system or network to identify any vulnerabilities or weaknesses that could be exploited. It involves using automated tools or manual techniques to assess the security posture of the system or network.

For example, in an incident where a network has been compromised, scanning can be used to identify any unauthorized devices, open ports, or potential security vulnerabilities that may have been exploited by the attacker.

Answer 2

In Incident Response, 'scanning' is categorized under the identification phase, aiding early detection of unauthorized access or anomalies, using tools like vulnerability scanners and network mappers.

Step-by-step explanation:

In Incident Response, assigning the category of 'scanning' is part of identifying and classifying the types of activities that are typically seen during a cybersecurity incident.

In the context of CompTIA's framework, scanning would likely be categorized under the identification phase of incident response, also considered as part of the early detection processes.

It involves searching the network for any signs of unauthorized access or anomalies that could suggest a security breach.

Scanning activities include the use of vulnerability scanners, network mappers, and port scanners that help security professionals to detect potential weaknesses that an attacker could exploit or signs that an attack is in progress or has already occurred.