Title
1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application. / Scanning all domains within the local domain. / If I was a financial accountant, I would use this to see what my employees are accessing and who is doing what on the company internet. I would like to find out who is compromising their privileges and accessing inappropriate sites.
2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? / They all affect security and integrity of a network domain local.
3. Which application is used in step #2 in the hacking process to perform a vulnerability assessment scan? / Nessus
4. Before you conduct an ethical hacking process or penetration test in a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? / Perform an IP host discovery and port intense scan
5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? / A system that provides a record for publicly know ISS vulnerability / The public
6. Can ZenMap GUI detect what operating systems are present on IP servers and Workstations? What would that option look like in the command line if running a scan on 172.30.0.10? / Yes / It would be the green text in the command line
7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus Vulnerability assessment scan? / You need to select Windows Credentials in the drop down menu next to credential type.
8. Once vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk
2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? / They all affect security and integrity of a network domain local.
3. Which application is used in step #2 in the hacking process to perform a vulnerability assessment scan? / Nessus
4. Before you conduct an ethical hacking process or penetration test in a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? / Perform an IP host discovery and port intense scan
5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? / A system that provides a record for publicly know ISS vulnerability / The public
6. Can ZenMap GUI detect what operating systems are present on IP servers and Workstations? What would that option look like in the command line if running a scan on 172.30.0.10? / Yes / It would be the green text in the command line
7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus Vulnerability assessment scan? / You need to select Windows Credentials in the drop down menu next to credential type.
8. Once vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk