Information Security
Assessment Worksheet
Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap® GUI (Nmap) and Nessus® Reports
Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________
Overview
In this lab, you looked at an Nmap® report and a Nessus® report. You visited the http://cve.mitre.org Web site, you defined vulnerability and exposure according to the site, and you learned how to conduct searches of the Common Vulnerabilities and Exposures (CVE) listing.
Lab Assessment Questions & Answers
1. Describe the purpose of a Zenmap® GUI (Nmap) report and Nessus® report?
2. Review the Lab 5 Nmap Scan Report. On page 6, what ports and services are enabled on the Cisco Adaptive Security Appliance device?
3. Review the Lab 5 Nmap Scan Report. On page 6, what is the source IP address of the Cisco Adaptive Security Appliance device?
4. How many IP hosts were identified in the Lab 5 Nessus Vulnerability Scan Report? List them.
43
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual
5. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
6. Define CVE.
7. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
- Course Name and Number:
- Student Name:
- Instructor Name:
- Lab Due Date:
- Text45:
- Text46:
- Text47:
- Text48:
- Text49:
- Text50:
- Text51: