Examice

Exam GCIH All QuestionsBrowse all questions from this exam

Question 15

You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities. Which of the following vulnerabilities can be fixed using

Nessus?

Each correct answer represents a complete solution. (Choose all that apply.)

Misconfiguration (e.g. open mail relay, missing patches, etc.)

Vulnerabilities that allow a remote cracker to control sensitive data on a system

Vulnerabilities that allow a remote cracker to access sensitive data on a system

Vulnerabilities that help in Code injection attacks

Correct Answer: A

Nessus is a powerful vulnerability scanning tool used to detect and assess a wide range of vulnerabilities in a network. It can identify misconfigurations, such as open mail relay and missing patches, and recommend remediation steps to fix these issues. While Nessus can detect vulnerabilities that allow remote attackers to control or access sensitive data or facilitate code injection attacks, it does not directly fix these vulnerabilities. Nessus provides information to help network administrators identify and prioritize issues, but the actual remediation must be performed by the administrators.

Discussion

DudetteOption: A

I swear 90% of these answers are wrong! A. Misconfiguration (e.g. open mail relay, missing patches, etc.) Nessus is a powerful vulnerability scanning tool that can be used to detect and assess a wide range of vulnerabilities in a network. It can identify misconfigurations, such as open mail relay and missing patches, and recommend remediation steps to fix these issues. While Nessus can detect and assess other types of vulnerabilities, such as those that allow a remote attacker to control or access sensitive data on a system, it does not fix these vulnerabilities. Instead, Nessus provides information to help network administrators identify and prioritize the vulnerabilities that need to be addressed. Code injection attacks are a type of security vulnerability that allow attackers to inject malicious code into a system or application, and Nessus can detect and assess these vulnerabilities. However, Nessus does not fix these vulnerabilities and instead provides information to help administrators remediate them. Therefore, the vulnerability that can be fixed using Nessus is misconfiguration (e.g. open mail relay, missing patches, etc.).

The question is weird, Nessus does not fix vulnerabilities it recommend remediation steps to fix these issues.