Sunday, March 10, 2024

Nessus Fundamentals Exam

 


Nessus Fundamentals Exam v2

You must answer all questions to proceed with the test
Single Choice
1)
To search for failed authentication what keyword should be used?
Single Choice
2)
What formats are supported when exporting scan data
Single Choice
3)
Which of the following is a Compliance benchmark?
Single Choice
4)
What is an example of a control?
Single Choice
5)
Best practices for Internal Vulnerability Assessments include
Single Choice
6)
When considering compliance in general, what are we considering?
Single Choice
7)
What phrase should be searched on to confirm the scan was performed with sufficient privileges?
Single Choice
8)
If I want to search for a specific plugin from all available plugins I can use
Single Choice
9)
What possible types of compromise are described in the Impact field of the CVSS Vector?
Single Choice
10)
When Installing Tenable Core+Nessus on Hyper-V what is the extension on the filename?
Single Choice
11)
What port do you connect to with your web browser to configure Nessus?
Single Choice
12)
When using the Advanced Scan Policy, where would I find the setting to have the scan NOT test the Nessus host for vulnerabilities?
Single Choice
13)
If I wanted to filter for all low, medium, high and critical vulnerabilities what is a possible filter?
Single Choice
14)
When Downloading Nessus make sure you select
Single Choice
15)
What credentials, if provided, will not allow for complete vulnerability assessment
Single Choice
16)
What Port does the management interface for Tenable Core + Nessus respond?
Single Choice
17)
To confirm that credentials worked in a scan, what keyword should I search on?
Single Choice
18)
If I create a scan where I have disabled a plugin family, and then enabled plugins inside that family, if new plugins appear in the family, what will happen the next time the scan is run?
Single Choice
19)
Which of the following are optional when creating a scan?
Single Choice
20)
What is the username on the management interface upon initial installation of Tenable Core + Nessus?
Single Choice
21)
If I want to do research on a specific vulnerability I could filter on
Single Choice
22)
If I wanted to search for operating systems and applications that have been designated end of life (EOL) by the vendor, I would filter on:
Single Choice
23)
Compliance scan results can be viewed on what tab in Nessus?
Single Choice
24)
What operating systems are supported by Nessus for installation?
Single Choice
25)
When using the Tenable CORE + Nessus ISO for installation, what is the first step?
Single Choice
26)
When performing compliance scan, the credentials must
Single Choice
27)
If a given vulnerability has a folder next to it, that means
Single Choice
28)
If a compliance scan has no results, what should be checked?
Single Choice
29)
If the login banner is set, when does it appear?
Single Choice
30)
In which of the following cases would we use non credentialed scanning
Single Choice
31)
If a Plugin is in a family where the name contains "local security" checks, what is required in the scan definition?
Single Choice
32)
Which of the following are possible reasons for receiving partial scan results?
Single Choice
33)
What is the first step in the Nessus scan sequence
Single Choice
34)
When performing an offline registration, what is necessary to generate a license?
Single Choice
35)
On the vulnerability tab, what column is not sortable
Single Choice
36)
Vulnerabilities labeled as Informational have a CVSS score of
Single Choice
37)
After you create the first Nessus user
Single Choice
38)
What is NOT supported in a target range in a scan?
Single Choice
39)
Which of the following is not part of the Cyber Exposure Lifecycle?
Single Choice
40)
Where in the Advanced Scan policy can you enable the vulnerability assessment of Network Printers?
Single Choice
41)
The remediations tab in Nessus shows
Single Choice
42)
If on a Windows host, the remote registry service is set to manual, what must be changed in a scan policy?
Single Choice
43)
What types of vulnerabilities are NOT identified by non credentialed scans
Single Choice
44)
If a host does not meet the requirements benchmark it is labeled as a compliance
Single Choice
45)
Which of the following are true about a host discovery scan using the default template
Single Choice
46)
Which of the following are possible approaches to prioritization when using the remediations tab?
Single Choice
47)
In a non credentialed scan, Plugin ID 19506 (Nessus Scan Information) reports the scan as non credentialed using what phrase?
Single Choice
48)
On the Hosts tab, what column is NOT sortable?
Single Choice
49)
When installing Nessus on a host that does not have internet connectivity, activation is done
Single Choice
50)
If I want to prevent users from editing scan results what setting do I adjust
Single Choice
51)
To identify when plugins were last updated, you click on
Single Choice
52)
Which of the following is a type of compromise
Single Choice
53)
When performing a credentialed scan of a Windows host, which of the following is NOT required.
Single Choice
54)
When performing a compliance scan, what scan template should be used?
Single Choice
55)
When performing a credentialed scan of a Windows host, what privileges must the credentials have?
Single Choice
56)
What part of the Cyber Exposure Lifecycle does Nessus not provide functionality for?
Single Choice
57)
If scanning an operational technology asset, which section of the scan policy should be configured?
Single Choice
58)
If I want to prioritize my remediation activities focusing on critical assets, what analysis method should be used?
Single Choice
59)
When performing a credentialed scan of a Linux host, what port must be available to the Nessus scanner?
Single Choice
60)
If I want to prioritize my remediation activities based upon critical applications, what analysis method should I use?
Single Choice
2)
When installing Nessus on Microsoft Windows hosts, what also may be installed

Compliance Scan results appear on what tab in Nessus?
The Remediations tab allows the user to


In the filter, if I select "Match ALL of the following" what boolean logic is being applied?
The Contents of an audit file can be viewed:
When comparing scan results with Diff, if I set the primary results to the older scan I get
When comparing scan results with Diff, if I set the primary results to the newer scan I get
When performing a discovery scan, what tab will not appear?
TechTarget says that a vulnerability creates:

Which of the following scan templates will not perform vulnerability analysis?

When Live results are enabled in a scan, when is the scan checked for new possible vulnerabilities

How do you configure Nessus if the host does not have Internet connectivity



A medium vulnerability has a CVSS score

When creating a Filter with the condition "Match All of the following" what does this mean?



External vulnerability assessments are



The Bell in the upper right hand Nessus window is

Tenable virtual appliances are known by what name?


When examining the Remediations tab, what information is available?



What types of Hashes are supported when scanning Windows hosts?






Enabling UDP ping in a host discovery policy will:


When virtualizing Nessus, how much should you increase your CPU and RAM?




If I am looking for a specific scan I should use





If I want Nessus to update plugins and software automatically, what setting should I use under updates?


What types of scans are considered leading practices for vulnerability assessment


If I want to see when a scan started and ended, where would I look?

Vulnerability Severity is based upon




What is a possible reason for receiving some, but not all vulnerability information on a host?



In order for Nessus to send out an email with scan information once a scan has completed, what must be configured?
How much storage is required to install the Tenable Core + Nessus ISO?



Nessus is installed on a Microsoft Windows host using



What do Discovery Scan Templates allow us to do?




For credentialed scans, where would I look for specific information about what was discovered to identify the vulnerability?



The Filter "Exploited by Nessus" will only appear in results when

Where do I create rules for plugins in an Advanced Dynamic Scan Policy?



What is a critical first step to cyber exposure



What types of ping are not used in a default discovery scan?
If I want to create a scan policy that does not use ARP ping, what scan template should I use as a baseline?



When performing a compliance scan using Nessus, what must be attached to the scan policy?


Scan Templates allow us to create

Which of the following functions does Nessus not provide?



If I wanted to search on vulnerabilities where a possible compromise would be an impact on confidentiality, what could I filter on?
Which of the following are possible results when checking a specific control in a compliance benchmark


Cyber Exposure focuses on


Non Credentialed vulnerability scans identify vulnerabilities by


If I create a custom scan policy, when I create a scan, where is the new policy located?

In addition to traditional Host discovery scans, when using the host discovery template, what additional information can be gathered


To identify when plugins were last updated, you click on
Single Choice
58)
Folders in Nessus allow you to