






















































































This practice exam tests foundational and advanced knowledge of using Nessus for vulnerability scanning, configuration assessment, and compliance checks. Candidates must understand scan templates, credentialed vs. non-credentialed scans, plugin architecture, malware detection capabilities, scanning performance optimization, and interpreting vulnerability severity scores. The exam also includes troubleshooting scenarios, policy tuning, and integrating Nessus output into enterprise workflows.
Question 1. Which term best describes a weakness in a system that can be exploited to cause harm?
A) Threat
B) Risk
C) Vulnerability
D) Exposure
Answer: C
Explanation: A vulnerability is a flaw or weakness that can be leveraged by an attacker to compromise confidentiality, integrity, or availability.

Question 2. In the vulnerability management lifecycle, which phase follows assessment?
A) Identification
B) Prioritization
C) Remediation
D) Verification
Answer: B
Explanation: After assessing vulnerabilities, organizations prioritize them based on severity, asset criticality, and business impact.

Question 3. What is the primary purpose of Tenable Nessus in a security program?
A) Patch deployment
B) Threat intelligence aggregation
C) Vulnerability scanning and assessment
D) Intrusion detection
Answer: C
Explanation: Nessus is a vulnerability scanner that discovers, assesses, and reports on security weaknesses.

Question 4. Which scanning methodology sends packets to probe a target without logging into the system?
A) Credentialed scanning
B) Passive scanning
C) Active scanning
D) Agent-based scanning
Answer: C
Explanation: Active scanning actively interacts with the target (e.g., sending probes) to discover vulnerabilities.

Question 5. Which scoring system is most commonly used to express the severity of a vulnerability?
A) NIST SP 800-53
B) CVSS
C) PCI DSS
D) ISO 27001
Answer: B
Explanation: The Common Vulnerability Scoring System (CVSS) provides a standardized numeric severity rating.

Question 6. Which Nessus product is free for personal and small-scale use?
A) Nessus Professional
B) Nessus Manager

B) Windows Server 2019
C) macOS Big Sur
D) Red Hat Enterprise Linux 9
Answer: C
Explanation: Nessus does not provide a native installer for macOS; it must be run in a virtualized environment.

Question 10. During registration, what unique identifier must be entered to activate a Nessus scanner?
A) License key
B) MAC address
C) IP address range
D) Administrator password
Answer: A
Explanation: A license key (or activation code) is required to register and activate the Nessus product.

Question 11. Which step is performed first when installing Nessus on a Linux host?
A) Running the Nessus daemon
B) Importing plugins
C) Adding the repository and installing the .deb/.rpm package
D) Creating scan policies
Answer: C
Explanation: Installation begins with adding the Tenable repository and installing the appropriate package.

Question 12. After installation, how does an administrator access the Nessus web UI?
A) Via SSH to port 22
B) Through a browser at https://

Explanation: An ICMP ping sweep uses Echo Request packets to discover responsive hosts.

Question 18. When would an administrator choose ARP ping over ICMP ping for discovery?
A) Scanning a routed WAN segment
B) Scanning a local Ethernet network where ICMP is blocked
C) Scanning IPv6 hosts
D) Scanning wireless devices only
Answer: B
Explanation: ARP operates at layer 2 and can discover hosts on the same broadcast domain even when ICMP is filtered.

Question 19. How can specific IP ranges be excluded from a Nessus scan?
A) By adding them to the “Ignored Hosts” list in the scan policy
B) By deleting them from the asset list after the scan
C) By setting the scanner to “Passive Mode”
D) By disabling host discovery entirely
Answer: A
Explanation: The “Ignored Hosts” field lets users specify IPs or CIDR blocks that the scanner will skip.

Question 20. Which type of asset does Nessus track using a unique UUID rather than an IP address?
A) Cloud-based virtual machines
B) Physical servers only
C) Mobile devices only
D) Network printers only
Answer: A
Explanation: Nessus assigns a UUID to cloud assets so they can be tracked even when their public IP changes.

Question 21. What is the purpose of an “Asset List” in Nessus?
A) To store plugin output logs
B) To define a reusable group of targets for scans
C) To configure credential databases
D) To manage user permissions
Answer: B
Explanation: Asset lists are collections of IPs, hostnames, or UUIDs that can be referenced by multiple scans.

Question 22. Which scan template is optimized for quick, unauthenticated network sweeps?
A) Advanced Scan
B) Basic Network Scan
C) Web Application Test
D) Credentialed Patch Audit
Answer: B
Explanation: The Basic Network Scan performs a fast, non-credentialed assessment of common ports and services.

Question 23. In a custom scan policy, disabling the “Microsoft Windows” plugin family will have what effect?
A) All Windows-specific checks are omitted, reducing scan time on Windows hosts

Question 26. Which protocol is commonly used to provide Windows credentials to Nessus for credentialed scanning?
A) SSH
B) SMB (via WMI)
C) RDP
D) Telnet
Answer: B
Explanation: Nessus uses SMB/WMI to authenticate to Windows systems and retrieve system information.

Question 27. If a credentialed scan fails with “Access denied,” what is the most likely cause?
A) The target host is offline
B) Incorrect username/password or insufficient privileges
C) Plugin library is out of date
D) Network latency exceeds the timeout value
Answer: B
Explanation: “Access denied” indicates that the supplied credentials are invalid or lack the required rights (e.g., admin/local system).

Question 28. When scheduling a scan to run every Sunday at 02:00 AM, which option must be configured?
A) “Start Time” only
B) “Recurrence” set to Weekly, day = Sunday, time = 02:
C) “Frequency” set to Daily with a 7-day interval
D) “Run Once” with a custom cron expression
Answer: B
Explanation: The Recurrence settings allow specifying the exact day of the week and time for repeated execution.

Question 29. Which action can be performed on a running Nessus scan?
A) Edit the scan policy without stopping the scan
B) Pause the scan, make changes, then resume
C) Change the target list while the scan is in progress
D) Export results in real time
Answer: B
Explanation: Nessus permits pausing an active scan, after which modifications can be made before resuming.

Question 30. What type of compliance check does Nessus use to verify system configuration against industry standards?
A) Vulnerability plugin families
B) Audit files (e.g., CIS, DISA STIG)
C) Port scanning rules
D) Credential validation scripts
Answer: B
Explanation: Audit files contain policy checks that compare system settings to benchmarks such as CIS or DISA STIG.

Question 31. Which Nessus deployment option provides centralized management of multiple scanners?
A) Nessus Essentials

Question 34. Which operating system must be running a 64-bit kernel for Nessus Professional?
A) Windows 7 32-bit
B) Ubuntu 18.04 LTS 64-bit
C) macOS 10.14 32-bit only
D) Debian 7 32-bit
Answer: B
Explanation: Nessus Professional requires a 64-bit OS; Ubuntu 18.04 LTS 64-bit meets this requirement.

Question 35. During activation, what is the purpose of the “Activation Code” field?
A) To set the administrator password
B) To link the scanner to a Tenable.io or Tenable.sc account
C) To specify the default scan policy
D) To define the network interface for scanning
Answer: B
Explanation: The activation code registers the scanner with Tenable’s cloud platforms, enabling license validation and updates.

Question 36. Which of the following is NOT a valid method for updating Nessus plugins?
A) Automatic online update via Tenable server
B) Manual offline bundle import
C) Copying plugin files from a different scanner without verification
D) Scheduling daily update checks in the UI
Answer: C
Explanation: Directly copying plugin files bypasses integrity checks and can corrupt the scanner; it is not a supported method.

Question 37. What does the “License Expiration” date indicate in the Nessus UI?
A) When the scanner will stop scanning hosts
B) The date after which the scanner can no longer receive updates or run scans
C) The next scheduled scan date
D) The end of the support contract for the operating system
Answer: B
Explanation: After the license expires, Nessus disables scanning and plugin updates until renewal.

Question 38. Which Nessus component stores scan results for later retrieval?
A) Plugin repository
B) Scan database (SQLite)
C) Credential vault
D) Asset tracker
Answer: B
Explanation: Scan results are persisted in a local SQLite database on the scanner host.

Question 39. When configuring a Nessus scanner behind a proxy, which setting must be adjusted?
A) “Network” tab – “Proxy Server” field
B) “Advanced” tab – “Maximum Hosts”
C) “Credentials” tab – “Proxy Username”
D) “Plugins” tab – “HTTP Proxy” option

D) TCP SYN to port 80
Answer: C
Explanation: ICMPv6 ND works at layer 2 for IPv6 and discovers hosts similarly to ARP for IPv4.

Question 43. How does Nessus differentiate between a “host” and a “service” in its results?
A) Hosts are identified by IP/UUID; services are identified by port and protocol
B) Hosts are only Windows; services are only Linux
C) Hosts are scanned first; services are scanned only if credentials are provided
D) There is no distinction; both are treated the same
Answer: A
Explanation: Nessus reports each host (IP/UUID) and then lists services (port/protocol) discovered on that host.

Question 44. Which scan policy option allows the scanner to continue despite network errors?
A) “Enable Retries”
B) “Treat All Errors as Fatal” (unchecked)
C) “Aggressive Timing”
D) “Disable Host Discovery”
Answer: B
Explanation: Unchecking “Treat All Errors as Fatal” tells Nessus to log the error and proceed with remaining targets.

Question 45. What is the primary purpose of the “Compliance” tab in a scan policy?
A) To select which CVSS scores to include
B) To specify audit files and compliance benchmarks
C) To configure credential timeouts
D) To define network throttling parameters
Answer: B
Explanation: The Compliance tab lets users add audit files (e.g., CIS, STIG) that the scanner will use for configuration checks.

Question 46. Which of the following is a valid credential type for scanning a Linux host?
A) NTLM hash
B) SSH private key
C) RDP token
D) SMB share password
Answer: B
Explanation: SSH keys are commonly used for password-less authentication to Linux systems during credentialed scans.

Question 47. In a credentialed Windows scan, which protocol does Nessus use to retrieve patch information?
A) SMB (via WMI)
B) FTP
C) HTTP
D) SNMP
Answer: A
Explanation: Nessus uses SMB/WMI to query Windows Management Instrumentation for installed updates and patches.

Explanation: A CVSS base score of 9.8 falls into the “Critical” category, meaning the issue is both easy to exploit and potentially very damaging.

Question 51. Which Tenable product provides a cloud-based interface for aggregating Nessus scan data across multiple sites?
A) Tenable.io
B) Tenable.sc
C) Tenable.ot
D) Tenable.ad
Answer: A
Explanation: Tenable.io is the SaaS platform that collects and visualizes data from distributed Nessus scanners.

Question 52. How does Tenable Lumin enhance vulnerability prioritization?
A) By adding a random weighting factor to each CVSS score
B) By correlating vulnerabilities with asset criticality, threat intel, and exploitability to produce a risk-based score
C) By only showing vulnerabilities with a CVSS score above 7.
D) By automatically patching the identified vulnerabilities
Answer: B
Explanation: Lumin uses asset context, threat data, and vulnerability severity to calculate a predictive risk score for prioritization.

Question 53. Which export format is most suitable for importing scan results into a ticketing system via CSV parsing?
A) PDF
B) HTML
Answer: C
Explanation: CSV provides a plain-text, column-based structure that many ticketing tools can readily parse.

Question 54. What is the purpose of the “Remediation” tab in a Nessus report view?
A) To modify plugin settings after the scan
B) To display recommended actions and patches for each identified issue
C) To schedule a new scan automatically
D) To delete false-positive findings
Answer: B
Explanation: The Remediation tab lists vendor patches, configuration changes, or mitigations for each vulnerability.

Question 55. Which of the following is a recommended practice after fixing a high-severity vulnerability?
A) Delete the host from the asset list
B) Re-run a credentialed scan to verify remediation
C) Disable the Nessus scanner to reduce load
D) Change the scan policy to “Basic Network Scan” only
Answer: B
Explanation: Re-scanning validates that the remediation was successful and updates the risk posture.