Zenmap is an application used to scan the ports of networks. One scenario where it can be used is scanning the ports of a network to learn exactly which ports are open or closed, allowing a network administrator to reduce the vulnerability of the network.
2. Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan?
Nessus.
3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step?
You must obtain a signed authorization form showing exactly what kind of test you are authorized to perform.
4. What is a CVE listing? Who hosts and who sponsors the CVE database listing website?
A CVE listing is a dictionary of publicly known information security vulnerabilities and exposures. It is hosted by the Office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
5. Can Zenmap GUI detect which operating systems are present on IP servers and workstations? Which option includes that scan?
Yes, the OS detection using TCP/IP stack fingerprinting option includes that scan.
6. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus vulnerability assessment scan?
You can use this information to create a policy of vulnerabilities that you want Nessus to scan for on that specific host.
7. Once a vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution?
You can check the report generated by Nessus, specifically in the hostname plugin ID, which will give you a detailed description of the vulnerability found along with possible mitigation.