Vulnerability Scanning Flashcards
Ryan is conducting a penetration test and is targeting a database server. Which one of the following tools would best assist him in detecting vulnerabilities on that server?
A. Nessus
B. Nikto
C. SQLmap
D. OpenVAS
Answer:
C. SQLmap is a dedicated database vulnerability scanner and is the most appropriate tool for use in this scenario. Ryan might discover the same vulnerabilities using the general‐purpose Nessus or OpenVAS scanners, but they are not dedicated database vulnerability scanning tools. Nikto is a web application vulnerability scanner.
Gary is conducting a black‐box penetration test against an organization and has been given, for use in his tests, the results of vulnerability scans that the organization already ran. Which one of the following scans is most likely to provide him with helpful information within the bounds of his test?
A. Stealth internal scan
B. Full internal scan
C. Stealth external scan
D. Full external scan
Answer:
D. A full scan is likely to provide more useful and actionable results because it includes more tests. There is no requirement in the scenario that Gary avoid detection, so a stealth scan is not necessary. However, this is a black‐box test, so it would not be appropriate for Gary to have access to scans conducted on the internal network.
What tool can white‐box penetration testers use to help identify the systems present on a network prior to conducting vulnerability scans?
A. Asset inventory
B. Web application assessment
C. Router
D. DLP
Answer:
A. An asset inventory supplements automated tools with other information to detect systems present on a network. The asset inventory provides critical information for vulnerability scans. It is appropriate to share this information with penetration testers during a white‐box penetration test.