SANS SEC504: Hacker Tools, Techniques and Incident Handling — Question 1
You work as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company wants to fix potential vulnerabilities existing on the tested systems. You use Nessus as a vulnerability scanning program to fix the vulnerabilities. Which of the following vulnerabilities can be fixed using
Nessus?
Each correct answer represents a complete solution. Choose all that apply.
Answer options
- A. Misconfiguration (e.g. open mail relay, missing patches, etc.)
- B. Vulnerabilities that allow a remote cracker to control sensitive data on a system
- C. Vulnerabilities that allow a remote cracker to access sensitive data on a system
- D. Vulnerabilities that help in Code injection attacks
Correct answer: A, B, C
Explanation
Nessus is effective in identifying and fixing misconfigurations, as well as vulnerabilities that could allow remote attackers to control or access sensitive data (options A, B, and C). However, it may not directly fix vulnerabilities related to code injection attacks (option D), as these often require code changes rather than configuration adjustments.