Thursday, January 14, 2016

IS3110 WEEK 3 LAB 3.1 (ITT TECH)

Overview

One of the most important first steps in risk management and in implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you have identified the workstations and servers, you must then find the threats and vulnerabilities present on them. Servers that support mission-critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.

Lab Assessment Questions & Answers

What are the differences between Zenmap GUI (Nmap) and Nessus?

Which scanning application is better for performing network discovery and reconnaissance probing of an IP network infrastructure?
Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?

While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
Are open ports necessarily a risk? Why or why not?

When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.

Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
What must an IT organization do to ensure that software updates and security patches are implemented in a timely manner?

What would you define in a vulnerability management policy for an organization?
