PrepAway - Latest Free Exam Questions & Answers

Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

A. The scan job is scheduled to run during off-peak hours.

B. The scan output lists SQL injection attack vectors.

C. The scan data identifies the use of privileged-user credentials.

D. The scan results identify the hostname and IP address.

4 Comments on “Which of the following network vulnerability scan indic…

  1. blabla says:

    There are two major types of assessments:
    – Penetration test
    – Vulnerability assessment.

    Different types of assessments can be performed, such as:
    >> threat assessment
    >> configuration assessment
    >> vulnerability scan
    The vulnerability assessment is a passive test that simply identifies security issues with the configuration of the system.

    >> penetration test
    A penetration test is considered an ACTIVE test because you are actually trying to compromise the system and bypass security controls.
    When performing a penetration test, you are simulating true attacks that the company would experience from a real hacker.
    This means that you will build up a toolkit of common penetration-testing tools, which are programs used by hackers to compromise systems, crack encryption, or tap into the communicatio
    >>> Scanning and Enumeration
    After the hacker has collected the IP addresses in the profiling phase, the hacker moves into the scanning phase.
    The hacker is now doing reconnaissance, but it is considered active reconnaissance because the hacker is actually sending traffic to the company systems.
    The goal of the scanning phase is to find out what services are running on the system by finding out the port numbers that are open on the system.
    Once the hacker finds out the port numbers that are open, they will then do a banner grab from the system, which reports the version of the software that is running on that port.
    The reason the hacker wants to know the version of the software is so that they can then research how to exploit that software.
    To find out the services that are running on a system, the hacker will do a port scan on the system, which reports what ports are open.
    To do a port scan, the hacker will use a program like nmap (command line) or SuperScan (Windows-based).
    For example, you can use nmap -sT to do a port scan on the system.

    >>> Vulnerability Scanner
    A vulnerability scanner is used to identify weaknesses in the configuration of a system.
    A vulnerability scanner is quite a bit different from a port scanner.
    The vulnerability scanner will scan the system for known vulnerabilities and then report the problems that have been found.
    The vulnerability scanner bases the decisions on a vulnerability database that is constantly being updated.
    When you do the scan, the vulnerability scanner compares the patch level and the configuration of your system(s) against the vulnerability database to see if you are not following best practices (have vulnerabilities).
    You can use a number of pieces of software to do a vulnerability scan of a system or network.
    The following lists some of the popular vulnerability scanners:
    .. MBSA – The Microsoft Baseline Security Analyzer is a free vulnerability scanner you can download that assesses the patch level and configuration of Microsoft products.
    .. LANguard – LANguard (see Figure 18-11) is a commercial product created by GFI that scans the entire network and reports missing patches, ports that are opened, and system misconfigurations.
    .. Nessus – Nessus is a popular vulnerability scanner that has been around for years and can be used to scan the network to identify vulnerabilities and patches missing on the systems.

    >>>> Passive vs. Active Tools
    There are different types of tools to perform security tests on a system; there are passive tools and active tools.

    PASSIVE tools do not try to connect to a system, while active tools do.

    An example of a passive scanning tool would be doing some DNS profiling where the hacker is only collecting information about a company from a DNS server, not the actual intended target, which is the web or FTP server.
    An example of an ACTIVE tool is port scanners, as they are communicating with the intended victim system.
    Because active tools communicate with the intended target, there is a chance the traffic can be detected.

    — Passively testing security controls
    Unlike a penetration test (active testing), a vulnerability assessment is considered a passive test because it does not actually try to compromise the system.

    — Identify vulnerability
    A vulnerability assessment will identify areas on the network and system where you are vulnerable to attack.

    — Identify lack of security controls
    A vulnerability assessment will identify security controls that are missing.
    For example, it will identify if you have not configured permissions on a folder or if you do not have a firewall installed on a system.

    — Identify common misconfigurations
    One of the most important items that a vulnerability scanner may identify is that you have misconfigured the system and as a result have caused the system to be more open to attack.

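As an added example that is not part of the question or any comment above: a small parser, written for this page, over constructed nmap grepable (-oG) output from the `nmap -sT` connect scan the comment mentions. It checks the indicator behind answer D, that a host which actually answered probes is identified by both IP address and hostname, and separately reports which ports the scan confirmed open. The scan text, hostnames and addresses are all constructed sample data.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in nmap's grepable (-oG) output format; hosts and
# addresses are made up and do not refer to any real system.
SAMPLE_OUTPUT = """\
# Nmap 7.80 scan initiated Mon Jan  1 09:00:00 2024 as: nmap -sT -oG - 10.0.0.0/30
Host: 10.0.0.1 (gw.example.test)\tStatus: Up
Host: 10.0.0.1 (gw.example.test)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 10.0.0.2 ()\tStatus: Down
# Nmap done at Mon Jan  1 09:00:03 2024 -- 4 IP addresses (1 host up) scanned in 3.10 seconds
"""

# "Host: <ip> (<hostname>)<tab>Status: ..." or "...<tab>Ports: ..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+(.*)$")
# Each port entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(open|closed|filtered)/(\w+)//([^/]*)")


@dataclass
class HostResult:
    ip: str
    hostname: str
    status: str = "unknown"
    open_ports: list = field(default_factory=list)  # (port, proto, service)


def parse_grepable(text):
    """Parse -oG lines into a dict keyed by IP; '#' header/footer lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name, rest = m.groups()
        h = hosts.setdefault(ip, HostResult(ip=ip, hostname=name))
        if rest.startswith("Status:"):
            h.status = rest.split()[1]
        elif rest.startswith("Ports:"):
            for port, state, proto, svc in PORT_RE.findall(rest):
                if state == "open":
                    h.open_ports.append((int(port), proto, svc))
    return hosts


def validates_active_scan(hosts):
    """Indicator D: a host that answered probes (Status: Up) and is identified
    by both its IP address and a resolved hostname."""
    return any(h.status == "Up" and h.ip and h.hostname for h in hosts.values())


def open_port_summary(hosts):
    """What the connect scan actually confirmed: IP -> list of open port numbers."""
    return {ip: [p for p, _, _ in h.open_ports] for ip, h in hosts.items() if h.open_ports}
```

A host listed as Down, or one with an empty hostname field, does not satisfy the check, which is the difference between a scheduled job and a scan that actually reached and identified its targets.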

  2. blabla says:

    — D is correct.

    … Since this is an ACTIVE scan, we are talking about an INTRUSIVE Scan.
    ACTIVE (Intrusive) security analysis is when actual hands-on tests are run on the system in question.
    These tests might require a device to be taken off the network for a short time, or might cause a loss in productivity.

    Active scanning is used to find out if ports are open on a specific device, or to find out what IP addresses are in use on the network.

    A backup of the systems to be analyzed should be accomplished before the scan takes place.
    Active scanning (also known as intrusive scanning) can be detrimental to systems or the entire network, especially if you are dealing with a mission-critical network that requires close to 100% uptime.
    In some cases, you can pull systems off the network or run your test during off-hours. But in other cases, you must rely on passive security analysis.


  3. meac says:

    The answer is simpler to my mind. It is after a NETWORK scan OUTPUT.
    The only answer providing any network-related output is:
    D. – The scan results identify the hostname and IP address.