We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy

Perform a Vulnerability Assessment

The whole doc is available only for registered users
  • Pages: 3
  • Word count: 580
  • Category: Security

A limited time offer! Get a custom sample essay written according to your requirements urgent 3h delivery guaranteed

Order Now

Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using ZenMap GUI (Nmap) to perform an IP host, port, and services scan * Perform a vulnerability assessment scan on a targeted IP subnetwork using Nessus® * Compare the results of the ZenMap GUI “Intense Scan” with a Nessus® vulnerability assessment scan * Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities * Make recommendations for mitigating the identified risks, threats, and vulnerabilities as described on the CVE database listing

This lab demonstrates the first 3 steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance & Probing) on a targeted IP subnetwork using ZenMap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus® vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found in order to exploit the vulnerability.

Lab Assessment Questions & Answers

1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application. 2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? Answer: Risks = Vulnerabilities x Threats

3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan? 4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? Answer:

* Perform an IP host discovery and port/services scan on the targeted IP subnet. * Perform a vulnerability assessment scan on the targeted IP subnet to discover what the weakest link in the system. 5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? Answer: CVE is Common Vulnerabilities and Exposures.

6. Can ZenMap GUI detect what operating systems are present on IP servers and workstations? What would that option look like in the command line if running a scan on 7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus® vulnerability assessment scan? 8. Once a vulnerability is identified by Nessus®, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution? Answer: After vulnerability is identified by Nessus, you can click on the Reports tab to see details of the vulnerability include overview, solution, risk factor, and CVE listing information. 9. What is the major different between ZenMap GUI and Nessus®? Answer: ZenMap GUI just identifies risks, threats, and vulnerabilities. Nessus performs a vulnerability assessment scan, and then show you recommended solution and more details about the vulnerability. 10. Why do you need to run both ZenMap GUI and Nessus® to perform the first 3 steps of the hacking process? Answer: I think by performing both Zen Map and Nessus, we can compare the results and make the hacking process more achievable.

Related Topics

We can write a custom essay

According to Your Specific Requirements

Order an essay
Materials Daily
100,000+ Subjects
2000+ Topics
Free Plagiarism
All Materials
are Cataloged Well

Sorry, but copying text is forbidden on this website. If you need this or any other sample, we can send it to you via email.

By clicking "SEND", you agree to our terms of service and privacy policy. We'll occasionally send you account related and promo emails.
Sorry, but only registered users have full access

How about getting this access

Your Answer Is Very Helpful For Us
Thank You A Lot!


Emma Taylor


Hi there!
Would you like to get such a paper?
How about getting a customized one?

Can't find What you were Looking for?

Get access to our huge, continuously updated knowledge base

The next update will be in:
14 : 59 : 59