Lab Guide
Note: Although you can create new templates from scratch by selecting the ‘New Scan
Template’ button, you should rarely have to do this. It is advised that you copy an existing template that
closely matches your scanning objectives by selecting the icon in the column labeled ‘Copy’.
1. Click the Create button in the top menu and select Asset Group.
2. Change the Filter criteria to OS contains Linux.
3. Click the + to add another filter criterion.
4. Create a second filter Software name contains Ubuntu
5. Click the search button.
6. Scroll down to verify you have matching assets.
7. Leave type as Static.
8. Name the new asset group ‘Ubuntu Linux’.
9. Enter a brief description.
10. Click Save.
11. Verify the new asset group is displayed in the asset group listing, and that it is static.
1. Click the Create button in the top menu, select Dynamic Asset Group.
2. Create a filter with the following criteria:
a. OS contains Windows
b. Vulnerability Title contains SSL
3. Click Search
4. After the search returns results, select create asset group
5. Name the asset group ‘Windows SSL Vulnerabilities’.
6. Enter a brief description
7. Click Save
8. Go to the Nexpose Home page and locate Windows SSL Vulnerabilities. Select the new asset group to
view the assigned assets. (The new asset group may be located on the 2nd page.)
9. Verify the assets displayed in step 8 are included in the asset group.
This group will change over time. New assets that meet the criteria (from step 3) will be added to the
group with each scan.
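The difference between the two group types built in these labs, as an added example (not part of the lab guide and not Nexpose code): a small Python model in which the static group keeps the members matched when it was saved, while the dynamic group re-evaluates its filter against each new scan. The class names, the sample inventory, the AND combination of criteria and the case-insensitive ‘contains’ match are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    os: str
    software: list = field(default_factory=list)
    vuln_titles: list = field(default_factory=list)

def contains(needle, text):
    # Assumption: the "contains" operator is a case-insensitive substring match.
    return needle.lower() in text.lower()

# Filters from the two labs; assumption: all criteria must match (logical AND).
def ubuntu_linux(a):
    return contains("Linux", a.os) and any(contains("Ubuntu", s) for s in a.software)

def windows_ssl(a):
    return contains("Windows", a.os) and any(contains("SSL", t) for t in a.vuln_titles)

class StaticGroup:
    """Membership is frozen to whatever matched when the group was saved."""
    def __init__(self, criteria, assets):
        self._members = sorted(a.name for a in assets if criteria(a))
    def members(self, assets):
        return list(self._members)

class DynamicGroup:
    """Membership is re-evaluated against the latest scan data."""
    def __init__(self, criteria):
        self.criteria = criteria
    def members(self, assets):
        return sorted(a.name for a in assets if self.criteria(a))

def run_demo():
    # Constructed inventory as of the first scan (hypothetical hosts and findings).
    scan1 = [
        Asset("lnx-app01", "Ubuntu Linux 20.04", ["Ubuntu openssl"]),
        Asset("win-web01", "Microsoft Windows Server 2016", [], ["Self-signed SSL certificate"]),
        Asset("win-db01", "Microsoft Windows Server 2019", [], ["SMB signing disabled"]),
    ]
    static_grp = StaticGroup(ubuntu_linux, scan1)
    dynamic_grp = DynamicGroup(windows_ssl)
    before = (static_grp.members(scan1), dynamic_grp.members(scan1))
    # Constructed second scan: a new Ubuntu host appears and win-db01 gains an SSL finding.
    scan2 = scan1 + [Asset("lnx-app02", "Ubuntu Linux 22.04", ["Ubuntu base"])]
    scan2[2] = Asset("win-db01", "Microsoft Windows Server 2019", [], ["SSL certificate expired"])
    after = (static_grp.members(scan2), dynamic_grp.members(scan2))
    return before, after

if __name__ == "__main__":
    print(run_demo())
```

After the second scan the static ‘Ubuntu Linux’ group still lists only lnx-app01, so reports and remediation work scoped to a static group miss hosts discovered later unless the group is updated by hand.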
Bonus question:
1. From the console, select Administration from the left menu, then Manage under the Engines section.
2. Generate a scan engine share secret at the bottom of the page.
2. Click on the Terminal shortcut in the left side menu bar. This will open a command prompt window.
3. Type ‘sudo -i’ and press the Enter key to start an interactive shell session as root. When prompted,
enter the root password, ‘rapid7’. You should see the prompt change from ‘rapid7@NSE:~$’ to
‘root@NSE:~#’, indicating that you have successfully changed the permissions.
4. Change to the desktop directory by typing ‘cd /home/rapid7/Desktop’ and then press the Enter key.
5. Issue the list command ‘ls’ to display the files in this directory. The Nexpose install file
(/NeXposeSetup-Linux64.bin) should be listed as one of the files.
6. Change the properties of the Nexpose install file to allow execution of the binary. Type
7. Type ‘./NeXposeSetup-Linux64.bin’ to run the installer. This will launch the install wizard.
If the Nexpose Engine is not running, issue the following command: ‘service nexposeengine.rc start’
22. Close the Nexpose Engine VM and return to the Nexpose Console VM.
23. From the console, select Administration from the left menu, then Manage under the Engines section.
24. Verify that the new scan engine exists
Note: This can take 5-15 minutes for the initial connection to establish between the Engine and
Console. Continue to refresh the page until the engine appears.
1) Create a risk score card report for assets tagged with ‘Old Assets’ tag.
i. Monthly report runs on 1st of each month
ii. HTML Format
2) Create an executive summary report for all data in the system
i. Only user1 has permission to view/use this report
ii. automatically created weekly
1. Which of the permissions listed allow a user to view vulnerability data for a site named ‘HQ’? (Select all that
apply)
a. A role that allows View Site Asset Data and access to the ‘HQ’ site
b. A role that allows View Group Asset Data and access to the ‘HQ’ site
c. Everyone can see vulnerability findings if they have access to the site ‘HQ’
d. Global Administrator access
e. None of the above
3. When sending your diagnostic information to support.rapid7.com you are doing it over a TLS-encrypted
session over port 443.
a. True
b. False
6. If the error message "Not enough memory to complete scan" occurs during a scan, which of the
following actions should be considered?
a. Run fewer simultaneous scans
b. Lower the number of scan threads allocated by your scan template
c. Power off the console
d. Both A and B
e. Both A and C
8. Which of the following report data export formats can Nexpose output?
a. CSV Export
b. XML Export
c. Database Export
d. CyberScope XML Export
e. All of the above
9. You have configured a scan for a class C network with the asset scope of 192.168.1.0/24, used the
built-in scan template named ‘Full Audit’, and enabled syslog alerts to your SIEM at 10.1.4.2. You have
scheduled the scan to run monthly. Your scan has completed as scheduled, but your Policy Evaluation
report has no data. What is the likely cause?
a. The Full Audit template does not include Policy checks.
b. The Syslog alerts are not being delivered correctly.
c. The scan has likely failed.
d. You have input the scope incorrectly.
10. What URL would you use if trying to reach a remote Nexpose install on another server?
a. http://servername/nsc:3780
b. https://localhost:3780
c. https://serverIPaddress:3780
d. https://serverIPaddress:40814
11. You have a single dual-processor Nexpose console with 8GB of RAM. You currently have no additional
scan engines installed. You are attempting to scan 12 class C networks. Your scans seem to be failing
and you are seeing ‘out of memory’ error entries in the console log. What is the BEST course of action
that you should take to resolve the issue?
a. Increase the console's RAM.
b. Deploy Remote Scan Engines and offload scans from the console.
c. Increase available memory by stopping unnecessary services.
d. Spread your scans over a longer period.
12. Specify the devices to which you can apply custom tags: (Select all that apply)
a. An individual asset
b. Asset groups
c. Sites
d. Reports
e. Scan templates
14. Which of the following is a factor in the determination of vulnerability severity levels?
a. Temporal Scores
b. CVSS Scores
c. Weighted Scores
d. SANS Vulnerability Scores
1 = c, 2 = e, 3 = d, 4 = a, 5 = b