Ethical hackers must obtain __________ prior to performing a scanning and vulnerability
assessment on a live production network. - answer written authorization from the client
During the vulnerability assessment, any known vulnerabilities or bugs will be flagged and
identified by: - answer OpenVAS.
Which of the following work together to complete the scanning and vulnerability assessment
phase of the ethical hacking process? - answer Nmap (Zenmap) and OpenVAS
A successful __________ assessment of a network is all about using the right tools to map the
network and identify any vulnerabilities that can be the opening for a future attack. - answer
scanning and vulnerability
Which of the following is a graphical interface for Nmap that is typically used during the scanning
phase of the ethical hacking process? - answer Zenmap
Which of the following is a port scanning tool that can quickly identify hosts and detect what
operating system and services are running on them? - answer Zenmap
The __________ confirms that the machine is available, but can't identify ports, operating systems,
or services. - answer Ping scan
The raw data from the Nmap Output tab is grouped into a more readable form: - answer on the
Ports/Hosts and Host Details tab for each host in the scan
The __________ is a form of TCP scanning that is less intrusive on the target host. - answer SYN
scan
The __________ can identify the services using the TCP protocol, but not the versions of these
applications. - answer SYN scan
Within Zenmap, which command is used to begin the OS fingerprinting scan and determine which
operating systems are running on the network hosts? - answer The -O command
Within Zenmap, which command is used to discover the versions of the software on open TCP
ports? - answer The -sV command
You can limit the breadth and scope of a vulnerability scan by: - answer using a text file, which
lists only the hosts you want to scan.
Conducting a vulnerability scan on entire subnets: - answer is time consuming and noisy (making
them easily detected).
OpenVAS is the scanning engine, but which of the following is the Web interface that allows users
to quickly scan and analyze their network? - answer The Greenbone Security Assistant
Which of the following interfaces enables you to scan several IP addresses at once or type in an IP
address to create a simple scan of any machine? - answer OpenVAS
The __________ report includes a report overview and the details for each host. - answer OpenVAS
The CVE listing is a database of: - answer known software vulnerabilities and exposures as well as
how to mitigate them with software patches and updates.
Who is responsible for hosting the CVE database listing web site, under contract with the
Department of Homeland Security and the U.S. National Cyber Security Division? - answer The
Mitre Corporation
Once a vulnerability has been identified by OpenVAS, where would you check for more
information regarding the identified vulnerability, exploits, and any risk mitigation solution? -
answer The CVE references found at the bottom of the vulnerability table
Category | exam bundles |
Comments | 0 |
Rating | |
Sales | 0 |