7.1.4 - Vulnerability Assessment (Practice Questions)

Host-based assessment

Which of the following assessment types focus on all types of users risks, including threats from malicious users, ignorant users, vendors, and administrators?

A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

Which of the following best describes active scanning?

Vulnerability assessment

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?

Passive

Which of the following assessment types can monitor and alert on attacks but cannot stop them?

Internal assessment

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: - Inspecting physical security - Checking open ports on network devices and router configurations - Scanning for Trojans, spyware, viruses, and malware - Evaluating remote management processes - Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed?

Application flaws

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?

Vulnerability research

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing?

nmap --script nmap-vulners -sV 10.10.10.195

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run?