Process Monitoring (3.3)

Question 1

NMAP

Answer 1

Network Mapper, find and learn more about network devices

Question 2

Ports Scan

Answer 2

Find devices and identify open ports

Question 3

Operating System Scan

Answer 3

Discover the OS without logging into a device

Question 4

Service Scan

Answer 4

What service is available on the device?

Question 5

Additional Scripts

Answer 5

NMAP scripting engine (NSE)

Question 6

Vulnerability Scanning

Answer 6

Usually minimally invasive, poke around and see whats open, identify systems and security devices and you can test from the outside or the inside. They gather as much info as possible.

Question 7

Vulnerability scan results

Answer 7

• Lack of security controls (no firewall, no anti-virus)
• Misconfigurations (open shares, guest access)
• Real vulnerabilities (especially newer ones, occasionally old ones)

Question 8

Patch Management

Answer 8

• Incredibly Important for system stability and security fixes
• Service Packs all at once
• Monthly Updates - Incremental
• Emergency out of band updates - Zero day and important security discoveries

Question 9

Baseline Review

Answer 9

Allows you to understand what normal operation of network might be over time. Any reports that show a change to baseline might require investigation

Question 10

Protocol Analyzer

Answer 10

• Solves complex application issues (gets into Details)
• Gathers packets on the network
• Allows you to see traffic paters (Identify unknown traffic, verify packet filtering and security controls
• Large Scale Storage