A new policy requires the security team to perform web application and OS vulnerability scans. All of the company’s web applications use federated authentication and are accessible via a central portal. Which of the following should be implemented to ensure a more thorough scan of the company’s web application, while at the same time reducing false positives?
A. The vulnerability scanner should be configured to perform authenticated scans.
B. The vulnerability scanner should be installed on the web server.
C. The vulnerability scanner should implement OS and network service detection.
D. The vulnerability scanner should scan for known and unknown vulnerabilities.