A network-based vulnerability assessment is a type of test also referred to as:
A. B. C. D.
Answer: A.
A network-based vulnerability assessment tool/system either re-enacts system attacks, noting and recording responses to the attacks, or probes different targets to infer weaknesses from their responses.
Since the assessment is actively attacking or scanning targeted systems, network-based vulnerability assessment systems are also called active vulnerability systems.
There are mostly two main types of test:
PASSIVE: You don't send any packets or interact with the remote target. You make use of public databases and other techniques to gather information about your target.
ACTIVE: You do send packets to your target; you attempt to stimulate responses that will help you gather information about hosts that are alive, services running, port state, and more.
See the examples below of both types of attacks:
Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system.
Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them.
Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data.
Passive attacks are usually used to gain information prior to carrying out an active attack.
IMPORTANT NOTE: Commercial vendors will sometimes use different names for different types of scans. However, the exam is product agnostic. They do not use vendor terms but general terms. Experience could trick you into selecting the wrong choice sometimes. See feedback from Jason below:
"I am a system security analyst. It is my daily duty to perform system vulnerability analysis. We use Nessus and Retina (among other tools) to perform our network based vulnerability scanning. Both commercially available tools refer to a network based vulnerability scan as a "credentialed" scan. Without credentials, the scan tool cannot log in to the system being scanned, and as such will only receive a port scan to see what ports are open and exploitable."
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 865). McGraw-Hill. Kindle Edition.
and
DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 97).
A network-based vulnerability assessment is a type of security testing that identifies vulnerabilities and weaknesses in a network infrastructure. It involves actively scanning the network for potential vulnerabilities in the system's protocols, services, and applications.
The correct answer to the exam question is A, an active vulnerability assessment. This is because an active vulnerability assessment is a type of security testing that involves simulating real-world attacks on a system to identify potential vulnerabilities.
Active vulnerability assessments involve using automated tools and techniques to scan a network for vulnerabilities that can be exploited by an attacker. This includes scanning for open ports, checking for outdated software versions, and testing the security of the system's authentication and authorization mechanisms.
In contrast, a passive vulnerability assessment (option D) involves monitoring network traffic for vulnerabilities without actively probing the system. This approach is less intrusive and can be useful for detecting network-based attacks that rely on traffic interception or sniffing.
Option B, a routing vulnerability assessment, is not an accurate description of a network-based vulnerability assessment as it refers to a specific type of vulnerability that affects routing protocols.
Option C, a host-based vulnerability assessment, is a type of security testing that focuses on identifying vulnerabilities in individual devices or systems rather than the network as a whole. This approach is complementary to network-based vulnerability assessments, but not interchangeable with them.