Information Security

profilegueest 5464
risk2e_lab05_aw.pdf

Assessment Worksheet

Identifying Risks, Threats, and Vulnerabilities in an IT Infrastructure Using Zenmap® GUI (Nmap) and Nessus® Reports

Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________

Overview

In this lab, you looked at an Nmap® report and a Nessus® report. You visited the http://cve.mitre.org Web site, you defined vulnerability and exposure according to the site, and you learned how to conduct searches of the Common Vulnerabilities and Exposures (CVE) listing.

Lab Assessment Questions & Answers

1. Describe the purpose of a Zenmap® GUI (Nmap) report and Nessus® report?

2. Review the Lab 5 Nmap Scan Report. On page 6, what ports and services are enabled on the Cisco Adaptive Security Appliance device?

3. Review the Lab 5 Nmap Scan Report. On page 6, what is the source IP address of the Cisco Adaptive Security Appliance device?

4. How many IP hosts were identified in the Lab 5 Nessus Vulnerability Scan Report? List them.

43

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual

5. When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?

6. Define CVE.

7. Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.

  1. Course Name and Number:
  2. Student Name:
  3. Instructor Name:
  4. Lab Due Date:
  5. Text45:
  6. Text46:
  7. Text47:
  8. Text48:
  9. Text49:
  10. Text50:
  11. Text51: