Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Pentest+ > 2.3 Information gathering & Vulnerability scanning: Vulnerability scanning > Flashcards

2.3 Information gathering & Vulnerability scanning: Vulnerability scanning Flashcards

1
Q

Vulnerability Scanning: what is it?

A

The process of assessing a computer, server, network, or application for known weaknesses:
● System weaknesses
● Report
● Recommendations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Vulnerability Lifecycle: what is a vulnerability?

A

Any weakness in a system that can be exploited by a threat actor to gain unauthorized access to a computer system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Vulnerability Lifecycle: what are the different attack surface - things that you can target for an attack (3)?

A

▪ Client
▪ Server
▪ Network device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Vulnerability Lifecycle: what is the Vulnerability Lifecycle (5) and describe each phase?

A

1/ Discover: identify vulnerability, create exploit
2/ Coordinate: report vulnerability, generate the CVE
3/ Mitigate: release CVE, create patch
4/ Manage: deploy patch, test system
5/ Document: record results, lessons learned

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Vulnerability Lifecycle: what is a Unknown (Zero-Day) Vulnerability?

A

Any unpublished vulnerability somebody has discovered and has not yet made known to the manufacturer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Vulnerability Scans: what is vulnerability scanning?

A

A specialized type of automated scan for hosts, systems, and networks to determine the vulnerabilities that exist on a given system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Vulnerability Scans: what are the vulnerability scanning tools(5)?

A

▪ OpenVAS
▪ Nessus
▪ QualysGuard
▪ Nexpose
▪ Nmap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Vulnerability Scans: what are the different vulnerability scanning types (2) and explain each of them?

A

▪ Credentialed Scan: Uses an authorized user or administrator’s account credentials to be performed. Credentialed scans are usually performed by the network defenders and cybersecurity analysts
▪ Non-Credentialed Scan: Conducted when the vulnerability scanner does not have valid user or admin login credentials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Vulnerability Scans: what are the different scanning types (4)?

A

▪ Discovery Scan
▪ Full Scan
▪ Stealth Scan
▪ Compliance Scan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Vulnerability Scans: what is a discover scan?

A

The least intrusive type of scan and can be as simple as conducting a ping sweep

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Vulnerability Scans: what is a full scan?

A

A full scan gets easily detected by network defenders and cybersecurity analysts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Vulnerability Scans: what is a stealth scan?

A

Conducted by sending a SYN packet and then analyzing the response (= SYN/ACK, RST)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Vulnerability Scans: how not to be detected when doing a stealth scan?

A

Evading Detection:
o Slow down scans
o Break into individual scans
o Mask true source

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Vulnerability Scans: what is a compliance scan?

A

● Used to identify vulnerabilities that may affect compliance with regulations or policies
● Example: PCI-DSS scan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Vulnerability Scans: explain what Nmap is doing?

A

▪ A great tool for mapping out the network, finding open ports, running services, and the basic versioning of each service
▪ Nmap Scripting Engine (NSE): Conducts basic vulnerability scanning using Nmap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Vulnerability Scans: explain what Nessus is doing and what information can you retrieve from this scan?

A

Used to scanning the target network and then create a report of the vulnerabilities, missing patches, and misconfigurations that exist

17
Q

Vulnerability Scans: explain what Nexpose is doing?

A

A vulnerability scanner made by Rapid7

18
Q

Vulnerability Scans: explain what QualysGuard is doing?

A

Another commercially available vulnerability scanner

19
Q

Vulnerability Scans: explain what OpenVAS is doing?

A

An open-source vulnerability scanner

20
Q

Vulnerability Scans: explain what Nikto is doing?

A

Open-source web server scanner that performs comprehensive tests against web servers such as utdated server software, misconfigurations, and known vulnerabilities in web servers and web applications

21
Q

Vulnerability Scans: what topics should you consider while scanning and explain why (6)?

A

o Time: Not all scans will take the same amount of time
o Protocols: Each protocol scanned will take time and resources
o Network Topology
o Bandwidth Limitations: The location of the scan depends on your engagement goals and the type of asset you are scanning
o Query Throttling: Reduces the number of queries launched by the scanner at a given time
o Fragile Systems: Determine any fragile or non-traditional systems that could be affected by vulnerability scanning activities

Pentest+ (28 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions