1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application. It’s used for port scanning. It can be used to see what hosts are on the network and to see what services they are running.
2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? Threats and vulnerabilities lead risks, if you don’t have then then you don’t have any risk of anyone getting into your network
3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan? That would be Nessus is the application used.
4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? You must get written permission
5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? A CVE (Common Vulnerabilities and Exposures) are known vulnerabilities and also show you how to patch them. They are from the Mitre Corporation but are under contract for Homeland Security and NCSD.
6. Can ZenMap GUI detect what operating systems are present on IP servers and workstations? What would that option look like in the command line if running a scan on 172.30.0.10? Yes it can detect what OS are being used. The command would be –o.
7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus vulnerability assessment scan? You can tell the scan to only include windows vulnerabilities.
8. Once vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution? At the CVE Website.
9. What is the major different between ZenMap GUI and Nessus? The is used to get IP host info and ports used and what services are on the