Week 3 Questions
- What are the differences between ZeNmap GUI (Nmap) and Nessus?
- Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
- Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
- While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
- Are open ports necessarily a risk? Why or why not?
- When you identify known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
- If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability?
- Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers?
- What must an IT organization do to ensure that software updates and security patches are implemented timely?
- What would you define in a vulnerability management policy for an organization?