Exam GPEN All QuestionsBrowse all questions from this exam
Question 49

During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?

    Correct Answer: D

    Entering the SSH credentials under the 'credentials' tab in Nessus allows the scanner to log into the system. This enables Nessus to perform an authenticated scan, providing more detailed and accurate information about the vulnerabilities on the remote system. Simply checking a box to indicate that SSH is running does not leverage the full advantage of having valid credentials.

Discussion
devnullOption: D

I think the correct answer is D. Scanners like Nessus can detect that SSHD is running on the target system, so you don't need to teach it to them manually. If you want to know how effective SSH credentials are for Nessus, please refer to the link. https://docs.tenable.com/nessus/Content/ConfigureNessusForSSHHostBasedChecks.htm