Lab #2
32
LAB #2 | Perform a Vulnerability Assessment Scan Using Nessus
LAB #2 – ASSESSMENT WORKSHEET
Perform a Vulnerability Assessment Scan Using Nessus
Course Name and Number: Student Name: Instructor Name: Lab Due Date:
Overview
This lab demonstrated the first three steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance and Probing) on a targeted IP subnetwork using Zenmap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found to exploit the vulnerability.
Lab Assessment Questions & Answers
1. What is the application Zenmap GUI typically used for? Describe a scenario in which you would use this
type of application.
2. What is the relationship between risks, threats, and vulnerabilities as it pertains to information systems
security throughout the seven domains of a typical IT infrastructure?
Assessment Worksheet
3. Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan?
33
4. Before you conduct an ethical hacking process or penetration test on a live production network, what
must you do prior to performing the reconnaissance, probing, and scanning procedures?
2
Perform a Vulnerability Assessment Scan Using Nessus
5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website?
6. Can Zenmap GUI detect which operating systems are present on IP servers and workstations? What would
that option look like in the command line if running a scan on 172.30.0.10?
7. If you
LAB #2 | Perform a Vulnerability Assessment Scan Using Nessus
LAB #2 – ASSESSMENT WORKSHEET
Perform a Vulnerability Assessment Scan Using Nessus
Course Name and Number: Student Name: Instructor Name: Lab Due Date:
Overview
This lab demonstrated the first three steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance and Probing) on a targeted IP subnetwork using Zenmap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found to exploit the vulnerability.
Lab Assessment Questions & Answers
1. What is the application Zenmap GUI typically used for? Describe a scenario in which you would use this
type of application.
2. What is the relationship between risks, threats, and vulnerabilities as it pertains to information systems
security throughout the seven domains of a typical IT infrastructure?
Assessment Worksheet
3. Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan?
33
4. Before you conduct an ethical hacking process or penetration test on a live production network, what
must you do prior to performing the reconnaissance, probing, and scanning procedures?
2
Perform a Vulnerability Assessment Scan Using Nessus
5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website?
6. Can Zenmap GUI detect which operating systems are present on IP servers and workstations? What would
that option look like in the command line if running a scan on 172.30.0.10?
7. If you