Ch. 6.9 Vulnerability Assessment


You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network mapper

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the vulnerability assessment again

Network mapper

A tool that can discover devices on the network and then display the devices in a graphical representation.

Password cracker

A tool that performs cryptographic attacks on passwords.

Port scanner

A tool that probes systems for open ports.

Ping scanner

A tool that sends ICMP echo/request packets to one or multiple IP addresses.

Open Vulnerability and Assessment Language (OVAL)

An international standard for testing, analyzing, and reporting a system's security vulnerabilities.

Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (select 3)

Check for missing patches; Check for open ports; Check user accounts for weak passwords

A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?

Credentialed scan

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?

Definition

Which of the following functions can a port scanner provide? (select two)

Discovering unadvertised servers; Determining which ports are open on a firewall

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should you use?

Non-credentialed scan

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?

OVAL

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

Update the scanner definition files

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port scanner

You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use? (select two)

Retina; Nessus

Vulnerability scanner

Software that passively searches an application, computer, or network for weaknesses.

Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets?

TCP SYN scan

Vulnerability assessment

The process of identifying vulnerabilities in a system or network that can be performed by a network administrator or by a third party.

You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?

Vulnerability scanner

