Network Security - Vulnerability Assessment
John the Ripper
You want to check a server for user accounts that have weak passwords. Which tool should you use? Retina, John the Ripper, Nessus, OVAL
Network Mapper
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? Port scanner, network mapper, ping scanner, vulnerability scanner
Vulnerability scanner
A software program that searches an application, computer, or network for weaknesses such as open ports, running applications or services, missing critical patches, default user accounts that have not been disabled, and default or blank passwords. Port scanner, network mapper, ping scanner, vulnerability scanner
ping scanner
What device identifies devices on the network, but does not probe for open ports? Port scanner, network mapper, ping scanner, vulnerability scanner
OVAL
What is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system? Vulnerability Assessment Scanner MBSA OVAL
MBSA
What network tool provides the following information? Open ports; active IP addresses; running applications or services; missing critical patches; default user accounts that have not been disabled; default, blank, or common passwords
Vulnerability scanner
What networking tool are the following classified as? Nessus Retina Vulnerability Assessment Scanner MBSA
MBSA
What vulnerability scanner performs the following? Checks user accounts for weak passwords; checks for missing patches; checks for open ports
Port scanner
Which networking tool determines which ports are open on a firewall and discovers unadvertised servers? Port scanner, network mapper, ping scanner, MBSA
OVAL
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities? Retina, OSSTMM, OVAL, MBSA
TCP SYN scan
Which of the following is the name of the type of port scan which does not complete the full three-way handshake of TCP, but rather listens only for either SYN/ACK or RST/ACK packets? TCP connect scan, TCP FIN scan, TCP SYN scan, TCP ACK scan
Definition
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system? Asset Risk Definition Threat agent Repository Library
Vulnerability scanner
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need? Port scanner, network mapper, ping scanner, vulnerability scanner
Port scanner
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. What tool should you use? Port scanner, network mapper, ping scanner, MBSA
Nessus & Retina
You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use? Port scanner, network mapper, ping scanner, Nessus & Retina