
Nexpose Certified Administrator

Lab Guide

Last Revised: January 6, 2017


Table of Contents

Lab 1: Create a Custom Scan Template
Lab 2: Creating Static Sites/Launching a Scan
Lab 3: Asset Groups
Task 1: Create a Static Asset Group
Task 2: Create a Dynamic Asset Group
Lab 4: Real Context
Task 1: Tag an Individual Asset
Task 2: Dynamic Asset Tagging
Task 3: Tag Assets in a Site
Task 4: Tag Assets in a Dynamic Asset Group
Task 5: Tag Assets in a Static Asset Group
Lab 5: Automated Actions
Lab 6: Create/Manage Users
Task 1: Update Password Policy
Task 2: Create a New User
Task 3: Create a Global Admin User
Lab 7: Create/Manage Tickets
Task 1: Create a Ticket
Task 2: Manage Tickets
Lab 8: Pairing the Console to an Engine
Task 1: Get the Shared Secret
Task 2: Install and Pair the Engine
Lab 9: Credential Management
Task 1: Shared Credentials - SSH Credentials
Task 2: Site Specific Credentials - Windows Credentials
Lab 10: Exception Handling
Task 1: Submit an Exception
Task 2: Approve/Reject an Exception Submission
Lab 11: Risk Score
Task 1: Risk Score Adjustment
Task 2: Change the Risk Strategy
Lab 12: Manage Reports
Task 1: Create a Report Template (Document)
Task 2: Create a Report Template (CSV)
Task 3: Create a Report Document Report
Task 4: Create a CSV Report
Task 5: Advanced Challenge
Appendix A: Practice Exam



Lab 1: Create a Custom Scan Template
(To open the Nexpose Console, open your Firefox browser, click Nexpose in the Bookmark toolbar if
necessary, and log in with user1: password1.)

1. From the console, select Administration from the left menu.


2. In the Scan Options | Templates section, select Manage.
3. Locate the ‘Full audit’ scan template. Click the Copy icon in this row.
4. Change the name of the template to ‘Full Audit with Modifications’.
5. Clear the current description and enter some text as the new description.
6. Configure your template with the following parameters: (Note: Clicking any of the individual sections on
the left menu will navigate through the various template sections.) For any sections not mentioned,
leave the default settings.
a. General
i. Change the number of simultaneous assets per Scan Engine from 10 to 15.
b. Asset Discovery
i. Discover assets with only ICMP and TCP protocols.
ii. Add ports 9100 and 10000 in the Send TCP Packets to port.
c. Service Discovery
i. Discover services on all TCP ports.
ii. Discover services on well-known UDP ports.
d. Web Spidering
i. Check the box under ‘Weak Credential Checking’ (Check use of common user names
and passwords).
ii. Change the Maximum spidering time (minutes) from 0 to 60.
iii. Increase the number of Spider threads per Web server to 6.
e. Policy Manager
i. Expand the CIS Section. (These are in alphabetical order)
a) Enable the Policy CIS Microsoft SQL Server 2008R2 Database Engine v1.2.0.
b) Enable the Policy CIS Redhat Enterprise Linux 5 Level Two 2.2.0.1.
7. Save the template by clicking the Save button in the upper right area.

Notes: Though you have the ability to create new templates from scratch by selecting the ‘New Scan
Template’ button, you rarely should have to do this. It is advised that you copy an existing template that
closely achieves your scanning objectives by selecting the icon in the column labeled ‘Copy’.



Lab 2: Creating Static Sites/Launching a Scan
1. From the console, select the Home link on the left menu to get to the Nexpose Dashboard.
2. Under the Sites section click on the Create Site button.
3. Configure the site with the following parameters: Note: Clicking the individual sections at the top (Info &
Security, Assets, etc.) will navigate through the various configuration sections. Each section may have
multiple configuration pages. You can navigate these using the top navigation.
a. Info & Security
i. Name the Site ‘US Central Site’.
ii. Allow Sally User access to this site.
b. Assets
i. In the include section, enter the range ‘192.168.1.0/24’.
ii. Add ‘192.168.1.1’ to the Exclude list.
c. Templates
i. Select the scan template Full audit without Web Spider.
d. Engines
i. Select local scan engine.
e. Alerts
i. Create an email alert to ‘joeuser@rapid7labs.com’ from ‘no-reply@rapid7labs.com’. The
alert should occur only if the scan fails. (You must click SAVE in this dialog box as
it will not save when you go to the next tab.)
f. Schedule
i. Click Create Schedule
ii. Set ‘Start date and time’ to 9pm Pacific on the 10th of next month.
iii. Set the Maximum scan duration to 3 hours 30 minutes.
iv. Set ‘Repeat scan every’ to every month on the 10th.
v. Set the ‘If a scan reaches the maximum duration’ to ‘continue the scan where it
previously stopped’
vi. Click Save to commit your new schedule.
g. Blackout
i. Click Create Blackout on the left menu.
ii. Enable a blackout that starts on the next Friday from 1-4 am Eastern, and repeats
every Friday.
iii. Click Save to create the new blackout.
4. Click on Save and Scan in the upper right to save your site configuration and start a scan.
5. Return to the Nexpose Dashboard by clicking on the Home link on the left menu.
6. Monitor status under the ‘Current Scans for All Sites’ pane. This should auto refresh every few
seconds.
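
The schedule in step 3.f is entered in Pacific time and the blackout in step 3.g in Eastern time, so it is worth checking when the two collide. The following added example (not part of the lab guide or of Nexpose) converts the 9 pm Pacific start to Eastern time and lists the months in which the 3 hour 30 minute scan window overlaps the Friday 1-4 am blackout; the function names and the year 2017 are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Values from Lab 2, steps 3.f (Schedule) and 3.g (Blackout).
SCAN_DAY_OF_MONTH = 10
SCAN_START_HOUR_PACIFIC = 21            # 9 pm Pacific
MAX_SCAN_DURATION = timedelta(hours=3, minutes=30)
BLACKOUT_WEEKDAY = 4                    # Friday; weekday() counts Monday as 0
BLACKOUT_START_HOUR_EASTERN = 1         # 1 am Eastern
BLACKOUT_END_HOUR_EASTERN = 4           # 4 am Eastern

# Assumption: US Pacific and US Eastern change DST on the same Sundays, so at
# 9 pm Pacific the Eastern wall clock is always exactly 3 hours ahead.
PACIFIC_TO_EASTERN = timedelta(hours=3)


def scan_window_eastern(year, month):
    """Return (start, latest_end) of the monthly scan in Eastern wall-clock time."""
    start_pacific = datetime(year, month, SCAN_DAY_OF_MONTH, SCAN_START_HOUR_PACIFIC)
    start = start_pacific + PACIFIC_TO_EASTERN
    return start, start + MAX_SCAN_DURATION


def blackout_overlap(year, month):
    """Return how much of that month's scan window falls inside the Friday blackout."""
    start, end = scan_window_eastern(year, month)
    overlap = timedelta(0)
    day = start.date()
    # The window is 3.5 hours long, so it touches at most two calendar days.
    while day <= end.date():
        if day.weekday() == BLACKOUT_WEEKDAY:
            b_start = datetime(day.year, day.month, day.day, BLACKOUT_START_HOUR_EASTERN)
            b_end = datetime(day.year, day.month, day.day, BLACKOUT_END_HOUR_EASTERN)
            lo, hi = max(start, b_start), min(end, b_end)
            if lo < hi:
                overlap += hi - lo
        day += timedelta(days=1)
    return overlap


def colliding_months(year):
    """Return the month numbers in which the scheduled scan overlaps the blackout."""
    return [m for m in range(1, 13) if blackout_overlap(year, m)]


if __name__ == "__main__":
    year = 2017  # illustrative year, not taken from the lab
    for month in colliding_months(year):
        start, end = scan_window_eastern(year, month)
        print(f"{year}-{month:02d}: scan window {start} to {end} Eastern, "
              f"{blackout_overlap(year, month)} inside the blackout")
```

The collision happens when the 10th is a Thursday, not a Friday: 9 pm Pacific on Thursday is midnight Eastern on Friday, which puts 2 hours 30 minutes of the scan window inside the blackout.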



Lab 3: Asset Groups
Task 1: Create a Static Asset Group

1. Click the Create button in the top menu, select Asset Group
2. Change the Filter criteria to OS contains Linux.
3. Click the + to add another filter criterion.
4. Create a second filter Software name contains Ubuntu
5. Click the search button.
6. Scroll down to verify you have matching assets.
7. Leave type as Static.
8. Name the new asset group ‘Ubuntu Linux’.
9. Enter a brief description
10. Click Save.
11. Verify the new asset group is displayed in the asset group listing, and that it is static.

Task 2: Create a Dynamic Asset Group

1. Click the Create button in the top menu, select Dynamic Asset Group.
2. Create a filter with the following criteria:
a. OS contains Windows
b. Vulnerability Title contains SSL
3. Click Search
4. After the search returns results, select create asset group
5. Name the asset group ‘Windows SSL Vulnerabilities’.
6. Enter a brief description
7. Click Save
8. Go to the Nexpose Home page and locate Windows SSL Vulnerabilities. Select the new asset group to
view the assigned assets. (The new asset group may be located on the 2nd page.)
9. Verify the assets displayed in step 8 are included in the asset group.
This group will change over time. New Assets that meet the criteria (from step 3) will be added to the
group with each scan.

Bonus question:

Which assets currently have DOS Vulnerabilities?



Lab 4: Real Context
Task 1: Tag an Individual Asset
1. Search for an asset using the search (magnifying glass) icon in the upper right with IP Address 192.168.x.x by
entering the string ‘192.168’.
2. Click on the IP address 192.168.1.201.
3. From the right side of the page, under User-added Tags, click Add Tags.
4. Click on the Criticality tab
5. Select Low from the Tag Name dropdown menu, then click Add.
6. Click on the Locations tab
7. In the Tag Name field, type ‘London’ and click Add.
8. Still in the Locations tab, type ‘Datacenter’ in the Tag Name field and click Add. You should now have
multiple location tags.
9. Select Custom Tags and enter ‘PCI’, select a tag color, and click Add.
10. Verify that the tags for Criticality and Location have been added. These are viewable in the User-
added section of the asset view.

Task 2: Dynamic Asset Tagging


1. Click the filtered asset search (funnel) icon in the upper right. (Below search icon).
2. Enter a search criterion: OS contains ‘Ubuntu’.
3. Select the Search button.
4. Verify that Ubuntu OS assets are displayed. Also make note of the total number of assets.
5. Select the Add Tags button.
6. In Custom Tags section, enter a new Tag Name titled ‘Ubuntu Servers’.
7. Select the purple tag color.
8. Click the Add button.
9. Click on the Home icon from the top menu.
10. Scroll down to the Asset Tags section.
11. Locate the tag called Ubuntu Servers.
12. Verify the list of assets is complete by comparing to the number of tagged assets in step 4 above.



Task 3: Tag Assets in a Site
1. From the Nexpose Home Page, scroll down to the Sites section and locate the ‘US Central Site’ we created
earlier. Do not click on the site name.
2. Click on the Edit (pencil) icon in the row with ‘US Central Site’.
3. From the ‘Info & Security’ page, User-added Tags section, select Add Tags.
4. In the Custom Tags, enter a new Tag Name ‘Custom Network’. Select a Tag Color if desired.
5. Click Add.
6. Click the Save button in the upper right corner to save the site.
7. Verify that assets in the site inherit the new tag Custom Network.

Task 4: Tag Assets in a Dynamic Asset Group


1. Create a new dynamic asset group with the criteria OS contains Windows Server. (Refer back to Lab 4
Task 2 if exact steps are needed to complete task)
2. Create a User-added tag (Custom) for this asset group titled ‘Windows Server’
3. Create a second User-added tag (Location) titled ‘Kansas Data Center’.

Task 5: Tag Assets in a Static Asset Group


1. Click on the Home icon.
2. At the bottom of the Asset Groups section, open the Ubuntu Linux asset group.
3. Click Edit Asset Group.
4. Go back to the General Section.
5. Click the + icon to add tags.
6. Add a Criticality tag of ‘Very High’ to the asset group.
7. Click Save to finish creating the asset group.



Lab 5: Automated Actions
1. Click the Automated Actions icon in the top menu.
2. Click the New Action button.
3. Select New vulnerability coverage available as the trigger.
4. In the Filter By drop-down list select CVSS score.
5. Enter a minimum value of 8.
6. Click Next.
7. Select an action from the drop-down list. With new vulnerabilities, the only available action is scan for
new vulnerabilities.
8. Select site US Central Site to scan for the new vulnerabilities.
9. Click Next.
10. Enter the name ‘CVSS 7 or higher, scan US Central Site’.
11. Click Save Action.
12. Close the Automated Actions window by clicking the X in the upper right.



Lab 6: Create/Manage Users
Task 1: Update Password Policy
1. From the console, select Administration from the left menu
2. Under the ‘Users’ section, select Manage under Password Policy
3. Update the policy to include the following:
a. Expires every 90 days
b. Must be at least 7 characters long
c. Must include at least 1 capitalized letter, 1 symbol, and 1 number
4. Click Save to update the password policy

Task 2: Create a New User


1. From the console, select Administration from the left menu
2. Under the Users section, select Create.
3. Enter the following under the General screen:
a. Enter the User name: jdoe
b. Full Name: John Doe
c. Enter the password: Rapid7!
d. Confirm password: Rapid7!
4. Select Roles from the left-hand navigation
5. Change the Role a few times using the dropdown menu. Observe that the permissions change
(highlighted in blue) as the role changes.
6. After changing a few times, select Custom. Make note of which permissions are selected (highlighted).
Also observe that the permissions can be changed when the Custom role is selected.
7. Change the role to User.
8. Select Site Access from the left-hand navigation.
9. Select the Select sites button and choose the Global: Corporate and US Central Site sites.
10. Select Asset Group Access from the left-hand navigation.
11. Select the Select Groups button and choose the Ubuntu with SSH group.
12. Save the newly created user by selecting the Save button.
13. Log out of Nexpose and log back in as John Doe.
14. Observe which Sites and Asset Groups user John Doe has access to.
15. Log out as John Doe and log back in as user1.



Task 3: Create a Global Admin User
No step by step this time!

Complete the following requirements:

• Create a new user, using any username/pw combination you choose
• Make this user a global admin
• Test the login
• Remain logged in as the new global admin user



Lab 7: Create/Manage Tickets
Task 1: Create a Ticket
1. From the console, select Assets from the left menu
2. Scroll down to the ‘Scanned’ section
3. Sort the Assets Ascending/Descending by clicking on the Vulnerabilities Column Heading until the
highest value is at the top
4. Choose the IP address of the highest count Vulnerabilities
5. Scroll down the Asset page until you reach Vulnerabilities
6. Scroll down until you see the ‘Open A Ticket’ button, then click it.
a. Name the ticket: Remediate ASAP
b. Change Priority to High
c. Change Assigned to user1
d. Add comments: ‘This should be taken care of as soon as possible.’ Save comment.
e. Under the Vulnerabilities Tab on the right, choose Select Vulnerabilities.
f. Put a checkmark next to the first vulnerability in the list. Scroll to the bottom of the Select
Vulnerabilities page and click SAVE.
7. Click SAVE again in Ticket Configuration.

Task 2: Manage Tickets


1. From the console, select Tickets from the left menu
2. Click on the ticket named Remediate ASAP
3. Click the Add Comments button and type ‘Will take care of today. Please run verification scan
tomorrow.’ and SAVE.
4. Navigate to History from the left menu and note you can add additional comments.
5. Click SAVE in the upper right.



Lab 8: Pairing the Console to an Engine
Note: Linux commands are case sensitive.
Task 1: Get the Shared Secret

1. From the console, select Administration from the left menu, then Manage under the Engines section.
2. Generate a scan engine shared secret at the bottom of the page.

3. Write down the shared secret on paper and verify it is correct.


Note: You will be required to manually enter the shared secret in the next task. You cannot copy and paste
from one VM to another.

Task 2: Install and Pair the Engine

1. Switch to the Nexpose Engine VM.

2. Click on the Terminal shortcut in the left side menu bar. This will open a command prompt window.

3. Type ‘sudo -i’ and press the Enter key to start an interactive shell session as root. When prompted,
enter the root password, ‘rapid7’. You should see the prompt change from ‘rapid7@NSE:~$’ to
‘root@NSE:~#’, indicating that you have successfully changed the permissions.

4. Change to the desktop directory by typing ‘cd /home/rapid7/Desktop’ and then press the Enter key.

5. Issue the list command ‘ls’ to display the files in this directory. The Nexpose install file
(/NeXposeSetup-Linux64.bin) should be listed as one of the files.

6. Change the properties of the Nexpose install file to allow execution of the binary. Type
‘chmod +x ./NeXposeSetup-Linux64.bin’, then press the Enter key.

Note: There is no success message; the command prompt displays again.

7. Type ‘./NeXposeSetup-Linux64.bin’ to run the installer. This will launch the install wizard.

8. Click Next at the Welcome Screen.


9. Scroll through the license agreement and select I accept the agreement. Click Next.
10. Ensure you select the option for Nexpose Scan Engine Only.
11. Leave the communication direction set to Engine to Console. Click Next.
12. This screen will check system requirements. While the lab system does not meet the minimum
requirements to run a scan engine, it’s sufficient for training purposes. Note that the install will allow us
to continue, despite the warnings. Click Next.
13. Enter a First Name, Last Name, and Company, then Next.
14. Review, confirm Scan Engine ONLY, then click Next to confirm installation selections.
15. The installation will begin here.
16. After installation, pair with the console: enter the Console Address ‘192.168.1.101’.
17. Leave the default port 40815

18. Enter the shared secret collected during task 1. Click Finish to complete the installation.
19. Click the Test button
20. You should see a green check mark in status. If not, review the shared secret entry and ensure the
Nexpose console is running.
21. When installation completes, verify the Nexpose services are running by returning to the terminal
session, and typing ‘service nexposeengine.rc status’ and pressing the Enter key.

If the Nexpose Engine is not running, issue the following command: ‘service nexposeengine.rc start’

22. Close the Nexpose Engine VM and return to the Nexpose Console VM.

23. From the console, select Administration from the left menu, then Manage under the Engines section.
24. Verify that the new scan engine exists
Note: This can take 5-15 minutes for the initial connection to establish between the Engine and
Console. Continue to refresh the page until the engine appears.



Lab 9: Credential Management
Task 1: Shared Credentials - SSH Credentials
1. From the console, select Administration from the left menu.
2. Under the Scan Options | Shared Credentials section of the Administration page, select create.
3. Name the new credential ‘SSH’.
4. Enter a description.
5. Click on Account on the left-hand navigation.
6. Select Secure Shell (SSH) from the Service dropdown list
7. For the username, enter ‘msfadmin’. For the password, enter ‘msfadmin’.
8. Expand the Test Credentials section.
9. Select Local Scan Engine from the Scan Engine dropdown list.
10. In the hostname field enter ‘192.168.1.104’. Leave the Port blank.
11. Click on the Test credentials button.
12. Wait for the ‘Authentication succeeded’ message.
13. If authentication fails, double check the username and re-enter the password.
14. Click Save

Task 2: Site Specific Credentials - Windows Credentials

1. From the Home Page, Open the US Central site.


2. Click Manage Site.
3. Click on the Authentication Tab and add a new Credential.
4. Name the new credential ‘Windows’.
5. Enter a description.
6. Select Account on the left-hand navigation.
7. Select Microsoft Windows/Samba (SMB/CIFS) from the dropdown list.
8. For the username, enter ‘toor’. For the password, enter ‘rapid7’.
9. Expand the Test Credentials section.
10. In the hostname field enter ‘192.168.1.103’. Leave the Port blank.
11. Click on the Test Credentials button.
12. Wait for the ‘Authentication succeeded’ message.
13. If authentication fails, double check the username and re-enter the password.
14. Click Create.
15. Save the site changes.



Lab 10: Exception Handling
Task 1: Submit an Exception
1. Click on the Home icon.
2. Select Global: Corporate site.
3. From within the site, select an asset with multiple vulnerabilities (instances).
4. Click on asset to get to the vulnerability view.
5. Choose any vulnerability and click on Exclude in the far right-hand column.
6. In the vulnerability exception window, under the Scope form field, select All Instances on this Asset.
7. Under Reason for field, select Acceptable Risk.
8. In the comments field, enter ‘This vulnerability cannot be remediated due to a business requirement’.
9. Click on the Submit button.
10. Observe the icon and text in the Exceptions column changed from ‘Exclude’ to ‘Under Review’

Task 2: Approve/Reject an Exception Submission


1. From the console, select Administration from the left menu.
2. Under the Exceptions and Overrides section, select Review.
3. Notice the recently submitted exception with the status ‘Under Review’.
4. Click on Under Review.
5. Enter comments in the ‘Reviewer’s Comments’ field.
6. Set an expiration date of six months from today.
7. Select Approve.
8. Observe that the Review status has changed to ‘Approved by user1’.
9. Click on the asset name in the Exception Scope column.
10. Observe the vulnerability is no longer listed in the ‘Vulnerabilities’ listing.
11. While still viewing the asset, scroll down to the ‘Vulnerability Exceptions’. Observe the vulnerability that
was approved is listed here.



Lab 11: Risk Score
Task 1: Risk Score Adjustment

1. From the console, select Administration from the left menu.


2. From the Global and Console Settings | Global section of the Administration Page, select Manage.
3. Select the Risk Score Adjustment configuration page from the left-hand navigation.
4. Check the box next to Adjust asset risk scores based on criticality.
5. Make note of the Risk Score Modifier values.
6. Click Save.
7. Click on the Home icon.
8. Scroll down to the Asset Tags section
9. Locate the Criticality asset tags. Select a tag (beside medium) that has tagged assets associated with
it.
10. Click on an asset with a Criticality tag applied.
11. Observe the Original risk score and the Context-Driven risk score with the modifier applied.

Task 2: Change the Risk Strategy

1. From the console, select Administration from the left menu.


2. From the Global and Console Settings | Global section of the Administration Page, select Manage.
3. Change the Risk Strategy from Real Risk to Temporal.
4. Change the Historical data to recalculate the Entire history.
5. Click Save.



Lab 12: Manage Reports
Task 1: Create a Report Template (Document)
1. From the console, select Reports from the left menu.
2. Select Manage report templates.
3. Click the New button to create a new report template.
4. Enter the name ‘Document Report Template’.
5. Enter a brief description.
6. For the Template Type, keep the default selection of ‘Document (PDF, HTML, RTF)’.
7. Leave the Vulnerability Details setting as ‘Complete’.
8. Under Preferences, select Display Asset Names and IP Addresses.
9. In the ‘Select sections to include in the template’ section, select the following report sections by
selecting the specific section name, then click the Add button:
a. Cover Page
b. Table of Contents
c. Executive Summary
d. Baseline Comparison
e. Discovered Vulnerabilities
f. Vulnerability Exceptions
10. Click Save.
Note: with the selection of ‘Cover Page’, ‘Baseline Comparison’, and ‘Executive Summary’ sections,
options at the bottom of the page appear for each section.

Task 2: Create a Report Template (CSV)


1. From the console, select Reports from the left menu.
2. Select Manage report templates.
3. Click the New button to create a new report template.
4. Provide a name ‘CSV Report Template’, enter a description.
5. For the Template Type, select Export (CSV format).
6. In the Content section, select the fields to include in the export file by selecting a field and clicking the
Add button. Use the up/down arrows to set the display order of the selected fields.
7. Select the following fields for the export, and order the fields in this sequence:
a. Site Name
b. Asset IP Address
c. Asset Names
d. Vulnerability ID

e. Vulnerability Description
f. Vulnerability CVSS Score
g. Vulnerability Severity Level
8. Click Save.

Task 3: Create a Report Document Report


1. From the console, select Reports from the left menu.
2. Select Create a report.
3. Name the New Report ‘Training1’.
4. From the Scan Template Thumbnails, find and select the template named Document Report
Template. (From Task 1)
5. Select the File Format as HTML.
6. Under ‘Scope’, select the + icon for ‘Select Sites, Assets, Asset Groups or Tags’.
a. On the ‘Select Report Scope’ screen, select two sites to include in the report.
b. Click Done to return to the main ‘Create a Report’ screen page.
7. Under Frequency, configure the report to run on the 1st of every month (at 12:01 am) by selecting Run
a recurring report on a schedule.
8. Click on the Configure Advanced Settings hyperlink.
9. Expand the Access Section
a. Under the Report Viewer List, Click Add users.
b. Select the John Doe user created in a previous lab.
c. Click Done.
10. Expand the Distribution Section
a. Select the checkbox for Send to users on a report access list
b. For the ‘Attach report file as’ option, select File
c. Click Save the report
11. On the View Reports tab, mouse over ‘Training1’. (You may have to navigate to another page on the
report list).
12. Click on the dropdown menu to the left of the report name and select Run
13. Once the report is complete, view the report by clicking on the report name Training1.



Task 4: Create a CSV Report
1. From the console, select ‘Reports’ from the top menu.
2. Select Create a Report.
3. Name the New Report ‘Training2’.
4. For the scan template, select the Export tab.
5. From the Scan Template Thumbnails, find and select the template named CSV Report Template
created in the previous section for this exercise.
6. Select the File Format as CSV.
7. Under ‘Scope’, select the + icon for ‘Select Sites, Assets, Asset Groups or Tags’.
a. On the Select Report Scope screen, select two or more sites to include in your report.
b. Click Done to return to the main ‘Create a Report’ screen page.
8. Under ‘Scope’, select the filter icon for Filter Report Scope Based on Vulnerabilities
a. Under ‘Severity’, select Critical only.
b. Under ‘By Category’, select Include specific and filter for, and select, Microsoft.
c. Click ‘Done’ to return to the main ‘Create a Report’ screen page.
d. Under Frequency, configure the report to run on the 1st of every month by selecting Run a
recurring report on a schedule.
9. Click Save the Report.
10. On the View Reports tab, mouse over ‘Training2’ report.
11. Click on the dropdown menu to the left of the report name and select Run.
12. Once the report is complete, view the report by clicking on the report name Training2.
13. Open the CSV file in LibreOffice Calc to view your output.
Note: depending upon the sites selected, this report could be blank.

Task 5: Advanced Challenge


Create the following reports based only on the requirements listed:

1) Create a risk score card report for assets tagged with ‘Old Assets’ tag.
i. Monthly report runs on 1st of each month
ii. HTML Format
2) Create an executive summary report for all data in the system
i. Only user1 has permission to view/use this report
ii. automatically created weekly



Appendix A: Practice Exam
THIS IS FOR REVIEW AFTER THE COURSE IS COMPLETED. PLEASE STOP HERE FOR NOW.

Nexpose Certified Administrator Answer Key

1. What permissions listed allow a user to view vulnerability data for a site named ‘HQ’? (Select all that
apply)
a. A role that allows View Site Asset Data and access to the ‘HQ’ site
b. A role that allows View Group Asset Data and access to the ‘HQ’ site
c. Everyone can see vulnerability findings if they have access to the site ‘HQ’
d. Global Administrator access
e. None of the above

2. Why is it recommended to use valid credentials for vulnerability scans?


a. To obtain maximum accuracy and visibility into vulnerability findings.
b. To confirm the NSC user's identity before scanning
c. To ensure a secure session between the NSE and the host(s)
d. For logging and accountability purposes

3. When sending your diagnostic information to support.rapid7.com you are doing it over a TLS-encrypted
session over port 443.
a. True
b. False

4. The default risk model for Nexpose is ________________.


a. Weighted risk
b. Real risk
c. Temporal risk
d. PCI ASV 2.0 Risk

5. To edit a built-in scan template, you would:


a. Edit the template directly
b. Delete and re-create the template
c. Copy and paste the template into a new site
d. Copy the template, make changes, and save as a new template, leaving the old as-is

6. If the error message "Not enough memory to complete scan" occurs during a scan, which of the
following actions should be considered?
a. Run fewer simultaneous scans
b. Lower the number of scan threads allocated by your scan template
c. Power off the console
d. Both A and B
e. Both A and C



7. What is the minimum system RAM requirement (in GB) for Nexpose console installations?
a. 32 GB
b. 4 GB
c. 16 GB
d. 12 GB
e. 8 GB

8. Which of the following report data export formats can Nexpose output?
a. CSV Export
b. XML Export
c. Database Export
d. CyberScope XML Export
e. All of the above

9. You have configured a scan for a class C network with the asset scope of 192.168.1.0/24, used the
built in scan template named ‘Full Audit’, and enabled syslog alerts to your SIEM at 10.1.4.2. You have
scheduled the scan to run monthly. Your scan has completed as scheduled, but your Policy Evaluation
report has no data. What is the likely cause?
a. The Full Audit template does not include Policy checks.
b. The Syslog alerts are not being delivered correctly.
c. The scan has likely failed.
d. You have input the scope incorrectly.

10. What URL would you use if trying to reach a remote Nexpose install on another server?
a. http://servername/nsc:3780
b. https://localhost:3780
c. https://serverIPaddress:3780
d. https://serverIPaddress:40814

11. You have a single dual-processor Nexpose console with 8GB of RAM. You currently have no additional
scan engines installed. You are attempting to scan 12 class C networks. Your scans seem to be failing
and you are seeing ‘out of memory’ error entries in the console log. What is the BEST course of action
that you should take to resolve the issue?
a. Increase the console's RAM.
b. Deploy Remote Scan Engines and offload scans from the console.
c. Increase available memory by stopping unnecessary services.
d. Spread your scans over a longer period.

12. Specify the devices to which you can apply custom tags: (Select all that apply)
a. An individual asset
b. Asset groups
c. Sites
d. Reports
e. Scan templates



13. Performing a filtered asset search is the first step in creating what type of asset groups? (select all that
apply)
a. Full
b. Asset
c. Dynamic
d. Site

14. Which of the following is a factor in the determination of vulnerability severity levels?
a. Temporal Scores
b. CVSS Scores
c. Weighted Scores
d. SANS Vulnerability Scores

15. Match the following log names to the proper description:

File Name        Description
1. access.log    a. scan engine system and application level events
2. auth.log      b. memory-intensive operations, such as scanning and reporting
3. nsc.log       c. resources that are being accessed such as pages in the Web interface
4. nse.log       d. maintenance mode activity
5. mem.log       e. logon or logoff, authentication failures, account lockouts

1 = c, 2 = e, 3 = d, 4 = a, 5 = b
