Which statement best captures the primary distinction between authenticated and unauthenticated scanning?

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Which statement best captures the primary distinction between authenticated and unauthenticated scanning?

Explanation:
Authenticated scans use valid credentials to log into the target, giving the scanner access to internal pages, configurations, and services that aren’t exposed to unauthenticated users. This allows you to see how the system behaves under a legitimate user account, verify access controls, inspect software versions and patch levels, and identify issues like insecure defaults, weak permissions, or hidden admin interfaces that only appear after login. Unauthenticated scans run without credentials and mimic an external attacker, so they can only see publicly accessible surfaces, exposed services, and misconfigurations visible without logging in. They won’t reveal internal data or internal-facing controls, and they may miss issues that require access to authenticated areas. So the key distinction is the perspective and depth of visibility: authenticated scanning provides deeper, internal insight, while unauthenticated scanning assesses what an external observer can reach without credentials.
