7.4 Vulnerability assessment tools / practice questions
SecurityMetrics Mobile
, which also detects vulnerabilities in mobile devices. This program can help you protect customers' data and avoid unwanted app privileges, mobile malware, connectivity issues, threats to device storage, and unauthorized account access.
Which of the following best describes Qualys Vulnerability Management assessment tool? It scans for known vulnerabilities, malware, and misconfigurations. It has more than 50,000 vulnerability tests with daily updates. It scans for more than 6,000 files and programs that can be exploited. It is a cloud-based service that keeps all your data in a private virtual database.
It is a cloud-based service that keeps all your data in a private virtual database
Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use? Retina CS Nikto Nessus NetScan
Nessus; it offers scanning on mobile devices and will let you know which devices are unauthorized or non-compliant. It also identifies outdated versions of Apple iOS and highlights devices that have not connected for a period of time.
Which of the following would be the best open-source tool to use if you are looking for a web server scanner? Nikto Nessus OpenVAS NetScan
Nikto; It is a web server scanner. It tests for outdated versions of more than 1,250 servers, scans for more than 6,000 files and programs that can be exploited, and checks for version-specific problems on more than 270 servers. It is important to note that this tool creates a large footprint by leaving a high volume of entries in the web server's log files.
What are 2 free open-source tools that you can modify and share?
OpenVAS, which is a vulnerability scanner that has more than 50,000 vulnerability tests with daily updates. -capable of various high level and low level internet and industrial protocols, as well as unauthenticated and authenticated testing. Nikto, a web server scanner. It tests for outdated versions of more than 1250 servers and scans for more than 6,000 files and programs that can be exploited. It also checks for version-specific problems on more than 270 servers. - leaves large footprint
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability Network Scanner SecurityMetrics Mobile Retina CS for Mobile Nessus Professional
SecurityMetrics Mobile; It detects vulnerabilities in mobile devices. It can help you protect customers' data and avoid unwanted app privileges, mobile malware, device theft, connectivity issues, threats to device storage, and unauthorized account access. You can expect a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions.
Network Scanner
This one gives you an overview of a network's use. It generates security issues and vulnerability reports that autosave and can be backed up to your own web storage.
net scan
This tool provides discovery through network and port scanning. It can find vulnerabilities, security flaws, and open ports on your network.
Which of the following includes a list of resolved vulnerabilities? Security vulnerability summary Security vulnerability report Statistical vulnerability report Statistical vulnerability summary
A security vulnerability summary; it includes a list of resolved vulnerabilities and also covers every device or server that was scanned. It gives you information about current security flaws and vulnerabilities, including severity level, and lists resolved vulnerabilities.
The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan? Target Classification Assessment Services
Classification
Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report? A port scanner A malware scanner A vulnerability scanner An antivirus scanner
A vulnerability scanner; it detects and classifies system weaknesses in computers, networks, and communications equipment, as well as predicts the effectiveness of countermeasures.
Nessus
offers scanning on mobile devices and lets you know which devices are unauthorized or non-compliant. It also alerts you to outdated versions of Apple iOS, and it highlights devices that haven't connected for a long period of time, giving you a clearer picture of what's happening on your network.
Retina CS for Mobile,
provides comprehensive vulnerability management for smartphones, mobile devices, and tablets. It can scan, prioritize, and fix smartphone vulnerabilities. It analyzes and reports its findings from a centralized data warehouse.
Nessus Professional
an assessment solution that resides on your network. This makes it more suitable for smaller organizations. It scans for known vulnerabilities, malware, and misconfigurations. Nessus also provides reporting and remediation, as well as ongoing monitoring!
Qualys Vulnerability Management
is a cloud-based service that keeps all your data in a private virtual database. Qualys is easy to use, and it can scan large enterprises. Data is always encrypted during transit and at rest, so even though it's cloud-based, your data is secure. Only their scanners reside in your network.
