What is the primary goal of network vulnerability scans in penetration testing?

The goal of network vulnerability scans is to surface weaknesses in network infrastructure devices and protocols that could be exploited. These automated checks look for known flaws, misconfigurations, missing patches, weak services, default or weak credentials, and insecure protocol configurations across devices like routers, switches, firewalls, and servers. By identifying these potential entry points, the scan helps prioritize remediation and hardening efforts to reduce the attack surface before an attacker can exploit it. Other activities—such as verifying policy compliance, monitoring network availability, or testing user credentials—address different aspects of security: policy adherence, uptime/performance, and authentication strength, respectively. While useful in a broader assessment, they are not the primary aim of vulnerability scanning.