1.7 Vulnerability Scans

Question 1

What do you need to remember about credentialed vs non-credentialed vulnerability scans?

Answer 1

Credentialed means the scanner has authenticated to the to the device. Any un-credentialed scan would only be able to gain information available without authentication, meaning they cant see internal details.

Question 2

What does a credentialed scan emulate?

Answer 2

An attack from an insider

Question 3

What is a vulnerability scanning tool that we need to know for Security+?

Answer 3

Nessus

Nmap for network discovery of networks, services, OS info, ports.

Question 4

How does the vulnerability scanner detect issues?

Answer 4

Signature based detection. It will also detect a lack of security controls such as no firewall, antivirus, guest accounts, open files, outdated software.

It will also point out vulnerabilities for informational purposes

Question 5

What types of scan do vulnerability scanners provide?

Answer 5

Applications, Web Apps, Network Scans (misconfigured firewalls, open ports, vulnerable devices)

Question 6

Note for test

Answer 6

Vulnerabilities can be cross referenced online, and some can not be definitively identified so you will need to investigate yourself by testing the issue.

You can always do audits/configuration reviews without a vulnerability scanner.

Question 7

What are possible actions to take if you get false positives or false negatives?

Answer 7

Make sure your scanner is up to date, or work with the vulnerability detection manufacturer to make sure they are aware of something they don’t know.