Lab 2 Answers Nessus Essay

625 WordsJan 10, 20133 Pages
Laboratory #2 Lab #2: Perform a Vulnerability Assessment Scan Using Nessus® (Nessus® is a Registered Trademark of Tenable Network Security, Inc.) Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using ZenMap GUI (Nmap) to perform an IP host, port, and services scan * Perform a vulnerability assessment scan on a targeted IP subnetwork using Nessus® * Compare the results of the ZenMap GUI “Intense Scan” with a Nessus® vulnerability assessment scan * Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities * Make recommendations for…show more content…
Answer: Risks = Vulnerabilities x Threats 3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan? 4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? Answer: * Perform an IP host discovery and port/services scan on the targeted IP subnet. * Perform a vulnerability assessment scan on the targeted IP subnet to discover what the weakest link in the system. 5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? Answer: CVE is Common Vulnerabilities and Exposures. 6. Can ZenMap GUI detect what operating systems are present on IP servers and workstations? What would that option look like in the command line if running a scan on 172.30.0.10? 7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus® vulnerability assessment scan? 8. Once a vulnerability is identified by Nessus®, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution? Answer: After vulnerability is identified by Nessus, you can click on the Reports tab to see details of the vulnerability include overview,
Open Document