GIAC Penetration Tester (GPEN) — Question 23

During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?

Answer options

• A. This information can be entered under the 'Hydra' tab to launch a brute-forcepassword attack.
• B. There isn't an advantage as Nessus will ultimately discover this information.
• C. The "SSH' box can be checked to let Nessus know the remote system is running
• D. This information can be entered under the 'credentials' tab to allow Nessus to log into the system

Correct answer: C

Explanation

The correct answer is C because checking the 'SSH' box in Nessus allows the scanner to utilize the SSH protocol for authentication, ensuring it can properly scan the remote system. Option A is incorrect as it refers to a brute-force attack, which isn't relevant to Nessus scanning. Option B is misleading because while Nessus can discover vulnerabilities, having valid credentials enhances its scanning capabilities. Option D, while somewhat correct, does not specifically mention the importance of checking the 'SSH' box.