FunSec_v03_Lab02_AW
School
Central Georgia Technical College
Course
1601
Subject
Information Systems
Date
Feb 20, 2024
Uploaded by JudgeArmadilloMaster764
Lab #2 - Assessment Worksheet
Performing a Vulnerability Assessment
Course Name and Number: CIST1601: INFORMATION SECURITY FUND (11758)
Student Name: Davius Greer
Instructor Name: Lori Harnist
Lab Due Date: 09/03/2023
Lab Assessment Questions & Answers
1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application.
Typically used to get a list of hosts, as well as what operating system and services they are using. The activity notes that it is used for the scanning and vulnerability phases of hacking. I could also see a use for a network admin wishing to audit every device on the network.
2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process?
OpenVAS handles the vulnerability part of the ethical hacking process.
3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step?
You likely should get permission of the organization. Simply going in and running a bunch of network scans and penetration tests, then proceeding to announce that you're a good guy, is most likely not appreciated.
4. What is a CVE listing? Who hosts and who sponsors the CVE database listing web site?
CVE is common vulnerability and exploits. hosts the CVE, sponsored by the DHS and the NCSD.
5. Can Zenmap detect which operating systems are present on IP servers and workstations? Which option includes that scan?
Zenmap can detect operating systems with the -O option; however, using the SV argument may provide more accurate details based on the services.
6. How can you limit the breadth and scope of a vulnerability scan?
Try excluding certain hosts with the -exclude argument in the nmap command line. In our case, we exempted the local host.
7. Once a vulnerability has been identified by Nessus, where would you check for more information regarding the identified vulnerability, exploits, and any risk mitigation solution?
I would check either the references section in the report, or the CVE listing associated with it.
8. What is the major difference between Zenmap and Nessus?
Zenmap is simply the network scanner, while OpenVAS checks for vulnerabilities on the targets selected by Zenmap.
9. Why do you need to run both tools like Zenmap and Nessus to complete the reconnaissance phase of the ethical hacking process?
I would say you need both, as Zenmap is quiet. Once you have an idea of the network topology, services, etc., you can use that to narrow down the scope for OpenVAS, allowing you to get in and out quickly.