Question

A security analyst performs various types of vulnerability scans. Review the vulnerability scan results to determine the type of scan that was executed and if a false positive
occurred for each device.
Instructions:
Select the Results Generated drop-down option to determine if the results were generated from a credentialed
scan, non-credentialed scan, or a compliance scan.
For ONLY the credentialed and non-credentialed scans, evaluate the results for false positives and check the
findings that display false positives. NOTE: If you would like to uncheck an option that is currently selected, click
on the option a second time.
Lastly, based on the vulnerability scan results, identify the type of Server by dragging the Server to the results.
The Linux Web Server, File-Print Server and Directory Server are draggable.
If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.
When you have completed the simulation, please select the Done button to submit. Once the simulation is
submitted, please select the Next button to continue.

Network Diagram DMZ Anonymizing Proxy External Host Mail Proxy Linux Web Server Directory Server File Print Server Server VLAN Switch Switch Switch Windows Workstation Linux Workstation Thin Client Switch User VLAN Internet Router Firewall Hot Area: Results Generated False Positive Findings Listing 1 Critical (100) 12209 Security Update for Microsoft Windows (835732) Critical (10.0) 13852 Microsoft Windows Task Scheduler Remote Overflow (841873) Critical (10.) 18502 Vulnerability in SM B Could allow Remote Code Execution (896422) Critical (100) 58662 Samba 3.x<3.6.4/3.5.14/3.4.16 RPC Multiple Buffer Overflows (20161146) Critical (10.0) 19407 Vulnerability in Printer Spooler Service Could Allow Remote Code Execution (896423) Credentialed Non-Credentialed Compliance Results Generated False Positive Findings Listing 2 Critical (100) 19407 Vulnerability in Printer Spooler Service Could Allow Remote Code Execution (896423) Critical (10.0) 11890 Ubuntu 5.0/5.10/6.06 LTS : Buffer Overrun in Messenger Service (CVE-2016-8035) Critical (10.0) 27942 Ubuntu 5.04/5.10/6.06 LTS : php5 vulnerabilities (CVE-2016-362-1) Critical (10.0) 27978 Ubuntu 5.10/6.06 LTS/6.10 :gnupg vulnerability (CVE-2016-3931) Critical (10.0) 28017 Ubuntu 5.10/6.06 LTS/6.10 : php5 regression (CVE-2016-4242) Credentialed Non-Credentialed Compliance Results Generated OOOOO False Positive Findings Listing 3 WARNING (1.0.1) System cryptography. Force strong key protection for user keys stored on the computer. Prompt the User each time a key is first used INFORM (1.2.4) Network access: Do not allow anonymous enumeration of SAM accounts: Enabled INFORM (1.3.4) Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled INFORM (1.5.0) Network access: Let everyone permissions apply to anonymous users: Disabled INFORM (1.6.5) Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves Credentialed Non-Credentialed Compliance

Answer 1

The answer for the above question will be as follows including type of scan that was executed, false positives evaluation and type of Server :

For Device 1 :-

Type of scan : NON-CREDENTIALED scan

False Positives Evaluation : False Positives is the first bullet point

Type of Server : File Print Server

For Device 2 :-

Type of scan : CREDENTIALED scan

False Positives Evaluation : No False Positives

Type of Server : Linux Web Server

For Device 3 :-

Type of scan : COMPLIANCE scan

False Positives Evaluation : Not applicable (As, per the given instructions For ONLY the credentialed and non-credentialed scans only false positives to be evaluated)

Type of Server : Directory Server

Thanks.