FunSec_v03_Lab02_AW

.docx

School

Central Georgia Technical College *

*We aren’t endorsed by this school

Course

1601

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

3

Uploaded by JudgeArmadilloMaster764

Report
Lab #2 - Assessment Worksheet Performing a Vulnerability Assessment Course Name and Number: CIST1601: INFORMATION SECURITY FUND (11758) Student Name: Davius Greer Instructor Name: Lori Harnist Lab Due Date: 09/03/2023 Lab Assessment Questions & Answers 1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application. typically used to get list of hosts, as well as what operating system and services they are using. the activity notes that it used for the scanning and vulnerability phases of hacking. I could also see a use for a network admin wishing to audit every device on the network. 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? openVAS handles the vulnerability part of the ethical hacking process.
3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? You likely should get permission of the organization. simply going in and running a bunch of network scans and penetration tests, then proceeding to announce that you're a good guy, is most likely not appreciated. 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing web site? CVE is common vulnerability and exploits. hosts the CVE, sponsored by the DHS and the NCSD. . 5. Can Zenmap detect which operating systems are present on IP servers and workstations? Which option includes that scan? Zenmap can detect operating systems with the -O option, however using the SV argument may provide more accurate details based on the services. 6. How can you limit the breadth and scope of a vulnerability scan? Try excluding certain hosts with the -exclude argument in the nmap command line. In our case, we exempted the local host.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help