Cis 333 Lab #2 Question

Category: Science and Technology

Date Submitted: 10/18/2013 09:42 AM

LAB #2 | Perform a Vulnerability Assessment Scan Using Nessus

LAB #2 – ASSESSMENT WORKSHEET

Course Name and Number: CIS 333
Student Name: Chris Marks
Instructor Name: Tim Gillin
Lab Due Date: 10/20/13

Overview

This lab demonstrated the first three steps in the hacking process that are typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance and Probing) on a targeted IP subnetwork using Zenmap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found that would be needed to exploit them.

Lab Assessment Questions & Answers

1. What is the application Zenmap GUI typically used for? Describe a scenario in which you would use this type of application.

Scanning all domains within the local domain. If I were a financial accountant, I would use this to see what my employees are accessing and who is doing what on the company internet. I would like to find out who is compromising their privileges and accessing inappropriate sites.

2. What is the relationship between risks, threats, and vulnerabilities as it pertains to information systems security throughout the seven domains of a typical IT infrastructure?

They all affect the security and integrity of a local network domain.

3. Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan?

Nessus

4. Before you conduct an ethical hacking process or penetration test on a live production...