Scribd
Upload
12 views

NCA Student Lab Guide

Uploaded by

Biswajit Mondal
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
12 views

NCA Student Lab Guide

Uploaded by

Biswajit Mondal
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

Nexpose Certified Administrator

Lab Guide

Version 20.06.01

DISCLAIMER: Unless otherwise indicated, this lab guide and its design, text, content, selection and arrangement of elements, organization, graphics,
design, compilation, digital conversion and other matters related to this document are protected under applicable copyrights, trademarks and other
proprietary (including, but not limited to, intellectual property) rights and are the property of Rapid7 LLC or the material is included with the permission of
the rights owner and is protected pursuant to copyright and trademark laws. ALL RIGHTS RESERVED. If you have any questions about the use of this
material, please contact [email protected].

1
Table of Contents
Table of Contents ....................................................................................................................................................................................... 2
Understanding this Document .................................................................................................................................................................... 2
Lab Environment - Virtual Machines ........................................................................................................................................................... 3
Lab 1: Create a Custom Scan Template .................................................................................................................................................... 4
Lab 2: Creating Static Sites/Launching a Scan .......................................................................................................................................... 5
Lab 3: Asset Groups ................................................................................................................................................................................... 7
Task 1: Create a Static Asset Group .............................................................................................................. 7
Task 2: Create a Dynamic Asset Group ......................................................................................................... 7
Lab 4: Real Context.................................................................................................................................................................................... 8
Task 1: Tag an Individual Asset ..................................................................................................................... 8
Task 2: Tag Assets in a Site........................................................................................................................... 8
Task 3: Tag Assets in a Static Asset Group ................................................................................................... 8
Lab 5: Remediation and Scanning ............................................................................................................................................................. 9
Lab 6: Automated Actions ........................................................................................................................................................................ 10
Lab 7: Pairing the Console to an Engine .................................................................................................................................................. 11
Task 1: Get the Shared Secret .................................................................................................................... 11
Task 2: Install the Engine ............................................................................................................................. 11
Lab 8: Credential Management and Policy Scanning ............................................................................................................................... 12
Task 1: Site Specific Credentials - Windows Credentials ............................................................................. 12
Task 2: Shared Credentials - SSH Credentials............................................................................................. 12
Lab 9: Exception Handling........................................................................................................................................................................ 13
Task 1: Submit an Exception........................................................................................................................ 13
Task 2: Approve/Reject an Exception Submission ....................................................................................... 13
Troubleshooting Challenge....................................................................................................................................................................... 14
Answer the following questions. ............................................................................................................................................................... 14
Lab 10: Risk Score .................................................................................................................................................................................. 15
Task 1: Risk Score Adjustment .................................................................................................................... 15
Task 2: Change the Risk Strategy ................................................................................................................ 15
Lab 11: Manage Reports .......................................................................................................................................................................... 16
Task 1: Create a Report Template (Document) ............................................................................................ 16
Task 2: Create a Report Document Report .................................................................................................. 16
Appendix A: Practice Exam ..................................................................................................................................................................... 18
Appendix B: Change Log......................................................................................................................................................................... 21

Understanding this Document


To better understand the Rapid 7 Lab Guide instructions, please note the following:

This font style is instructional and provides direction in the lab.

Any text entered in a bold font indicates that you will be clicking on a button, menu, drop down or item.

(Any text entered in italics inside parenthesis are considered special instructions, tips, or best practices that may not be specific
instructions.)

Any text entered in this Courier font indicates that you will be typing the text into a form,
field, or command line interface.

‘Any text entered in italics inside a single quote indicates that the student should be looking for this item, section, or heading to continue
the exercise steps.’

2
Lab Environment - Virtual Machines

Asset IP Username Password


Nexpose Console 192.168.1.(X)1 user(X) pa$$word(X)
Engine 192.168.1.(X)0 nexpose @1234Pass
Win Target 192.168.1.(X)5 administrator @1234Pass
Metasploitable2 192.168.1.204 msfadmin msfadmin

3
Lab 1: Create a Custom Scan Template
(Open the Nexpose Console, open your Browser, and go to https://<nexpose_ip>:3780, create a
Bookmark in the Bookmark toolbar if necessary, login with user(X): pa$$word(X))

1. From the console, select Administration from the navigation menu.


2. On the Scan Options | Templates section select manage.
3. Locate the ‘Full audit’ scan template. Click the Copy icon in this row.
4. Change the name of the template to Full Audit with Modifications.
5. Clear the current description and enter some text as the new description.
6. Configure your template with the following parameters: (Note: Clicking any of the individual sections on
the left menu will navigate through the various template sections.) For any sections not mentioned,
leave the default settings.
a. General
i. Change the number of simultaneous assets per Scan Engine from 10 to 15.
ii. Check Enhanced Logging - (Best Practice)
iii. Uncheck Web Spidering
b. Asset Discovery
i. Discover assets with only ICMP, ARP and TCP protocols.
ii. Uncheck UDP packet discovery.
iii. Check – Do not treat TCP reset responses as live assets.
c. Service Discovery
i. Discover all services on all TCP ports.
7. Save the template by clicking the Save button in the upper right area.

Notes: Though you have the ability to create new templates from scratch by selecting the ‘New Scan
Template’ button, you rarely should have to do this. It is advised that you copy an existing template that
closely achieves your scanning objectives by selecting the icon in the column labeled ‘Copy’.
End of this lab. Stop for now.

4
Lab 2: Creating Static Sites/Launching a Scan
1. From the console, select the Home link on the navigation menu to get to the Nexpose Dashboard.
2. Under the Sites section click the Create Site button.
3. Configure the site with the following parameters: Note: Clicking the individual sections at the top (Info &
Security, Assets, etc.) will navigate through the various configuration sections. Each section may have
multiple configuration pages. You can navigate these using the top navigation
a. Info & Security
i. Name the Site Middle East - HQ. Allow Win-User access to this site.
b. Assets
i. In the include section, enter the range 192.168.1.0/24.
ii. Add 192.168.1.1 to the Exclude list.
c. Templates
i. Select the scan template Full audit enhanced logging- No Web Spider.
d. Engines
i. Select local scan engine.
e. Alerts
i. Create an email alert as follows:
1. To: user(X)@spirelab.local
2. From: [email protected]
ii. The alert should only occur only if the scan fails. Maximum Alerts to Send: 5
iii. Name the new alert: Middle East - HQ Site Failure
iv. Add the SMTP relay server IP address: 192.168.1.201
v. You must click SAVE in this dialog box, as it will not save when you go to the next tab.
f. Schedule
i. Click Create Schedule
ii. Enter Start date and time to 9pm UAE on the 9th of next month
iii. Set the Maximum scan duration to 3 hours 30 minutes and Set the Repeat scan every to
every month on the 9th
iv. Set the If a scan reaches the maximum duration to continue the scan where it
previously stopped. Click Save to commit your new schedule.
g. Blackout
i. Click Create Blackout on the left menu.
ii. Enable a blackout that starts on the next Friday from 1-4 am GST and repeats
continues every Friday. Click Save to create the new blackout.
Task continues next page

5
4. Click Save and Scan in the upper right to save your site configuration and start a scan. You may get a
UAC popup asking “Are you sure you want to Save and Scan?” Click Save & Scan.
5. Monitor status of the scan. This should refresh every few seconds.
End of this lab. Stop for now.

6
Lab 3: Asset Groups
Task 1: Create a Static Asset Group
1. Click the Create button in the top menu, select Asset Group
2. Change the Asset Filter criteria to OS contains Linux.
3. Click the + to add another filter.
4. Create a second filter Host Type is Virtual Machine
5. Click the Search button.
6. Scroll down to verify you have matching assets.
7. Leave type as Static.
8. Name the new asset group Virtual Linux.
9. Enter a brief description.
10. Click Save.
11. Verify the new asset group is displayed in the asset group listing, and that it is static.

Task 2: Create a Dynamic Asset Group


1. Click the Create button in the top menu, select Dynamic Asset Group.
2. Create a filter with the following criteria:
a. OS contains Windows
b. Vulnerability Title contains SMB
3. Click Search
4. After the search returns results, select create asset group
5. Name the asset group Windows SMB Vulnerabilities.
6. Enter the name and brief description.
7. Click Save
8. Go to the Nexpose Home page and locate Windows SMB Vulnerabilities. Select the new asset group
to view the assigned assets. (The new asset group may be located on the 2nd page.)
9. Verify the assets displayed in step 8 are included in the asset group.
This group will change over time. New Assets that meet the criteria (from step 3) will be added to the
group with each scan.

Bonus questions:

Which assets currently have DoS Vulnerabilities? Would you build a static or dynamic asset group?
End of this lab. Stop for now.

7
Lab 4: Real Context
Task 1: Tag an Individual Asset
1. Search for an asset using the search (magnify glass) icon in upper right with IP Address 192.168.x.x by
entering the string 192.168
2. Click the IP address 192.168.1.(X)0. If you did not complete the scan in Lab 2, you will not see this asset.
3. From the right side of the page, under User-added Tags, click Add Tags.
4. Click the Criticality tab
5. Select Very High from the Tab Name dropdown menu, then click Add.
6. Click the Locations tab
7. In the Tag Name field, type Ubuntu 18 and click Add.
8. Still in the Locations tag, type Middle East in the Tag Name field and click Add.
9. Select Custom Tags and enter Rapid7, select a tag color, and click Add.
10. Verify that the tags for Criticality and Location have been added. These are viewable in the User-
added section of the asset view.

Task 2: Tag Assets in a Site


1. From the Nexpose Home Page, scroll down to the Sites section, locate the Middle East - HQ
created earlier in Lab 2. Do not click the site name.
2. Click the Edit (pencil) icon in the row with Middle East - HQ Site.
3. From the Info & Security page, User-added Tags section, select Add Tags.
4. In the Custom Tags, enter a new Tag Name Custom Network. Select a Tag Color if desired.
5. Click Add.
6. Click the Save button in the upper right corner to save the site.
7. Verify that assets in the site inherit the new tag Custom Network.

Task 3: Tag Assets in a Static Asset Group


1. Click the Home icon.
2. At the bottom of the Asset Groups section, open the Virtual Linux asset group.
3. Click Edit Asset Group.
4. Go back to the General Section.
5. Click the + icon to add tags.
6. Add a Criticality tag of Very High to the asset group.
7. Click Save to finished creating the asset group.
End of this lab. Stop for now.

8
Lab 5: Remediation and Scanning
1. From the console, select Home on the navigation menu.
2. Open the Windows Site. Scroll down to Assets and click the IP address 192.168.1.(X)5.
3. The most severe Vulnerability with a CVSS score of 8.1 is SMB Remote Code Execution.
4. The last column on the right is Solution. Click the pill icon to the right of this vulnerability.
5. The configuration remediation steps will be displayed for all SMB vulnerabilities.
6. Open the Windows machine in your lab environment.
7. Open the Powershell window by going to Start and typing in Powershell.
8. Right click and run Powershell as an elevated prompt.
As with the case of many older protocols, SMB1 has proven to be highly insecure. This was clearly
demonstrated with WannaCry and Petya.
9. To disable SMB1, run the following command exactly as follows: (this will be a single command)
Set-ItemProperty -Path
"HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
SMB1 -Type DWORD -Value 0 –Force
10. Navigate to the NCA Console to scan for the vulnerability you just fixed.
11. Go to the Home page, to the Windows and scroll to the right for the Scan Now button.
12. Name the scan Remediation Check and keep all other defaults.
13. Click Start Now. The scan will take approximately 8-10 minutes. Notice the vulnerabilities left after
remediating SMBv1.
End of this lab. Stop for now.

9
Lab 6: Automated Actions
1. Click the Automated Actions icon in the navigation menu.
2. Click the New Action button. This is the circle with the + inside.
3. Select New vulnerability coverage available as the trigger.
4. In the Filter By drop-down list select CVSS score.
5. Choose the modifier is Higher than.
6. Enter a minimum value of 7.4.
7. Click Next.
8. Select an action from the drop-down list. With new vulnerabilities, the only available action is scan for
new vulnerabilities.
9. Select site Middle East - HQ Site to scan for the new vulnerabilities.
10. Click Next.
11. Enter the name to CVSS Critical, scan Middle East - HQ Site.
12. Click Save.
13. Close the Automated Actions window by clicking the X in the upper right.
End of Day One

10
Lab 7: Pairing the Console to an Engine
For this lab, use the Engine virtual machine. You will also log in to the Security Console from this VM.
Note: Linux commands are case sensitive.
Task 1: Get the Shared Secret
1. Open the 0(X)-Console Connection.
2. Log in to Security Console https://<nexpose_ip>:3780.
1. Username is user(X) and the password is pa$$word(X).
3. Select Administration from the navigation menu, under Scan Options, select Manage under the
Engines section.
4. Click the Generate Button; highlight and copy the generated code.

Task 2: Install the Engine


1. On the same VM. Use the Terminal desktop icon to open a terminal session.
2. Type sudo su and press enter. This will begin interactive shell session as root. When prompted, enter
the root password, @1234Pass You should see the prompt change from $ to # indicating that you have
successfully changed the permissions. Be sure to type exit when installation is complete.
3. Issue the list command ls to display the files in this directory. The install file (Rapid7Setup-
Linux64.bin) will be listed as one of the files.
4. Change the properties of the install file to allow execution of the binary. Type:
chmod +x Rapid7Setup-Linux64.bin, then press the Enter key.
Note: There is no success message. The command prompt displays again. If you type ‘ls’ again, you
will see the file is in green – ready for execution.
5. Type ./Rapid7Setup-Linux64.bin to run the installer. This will launch the GUI install wizard.
6. Click Next at the Welcome Screen.
7. Change Type and Destination to Scan Engine only. Click Next.
8. Under Account details, type in your first name, last name and company. Click Next.
9. Make sure the Initialize and start after installation box is checked and click Next.
10. The next Installation screen will ask for Console details. Enter IP address: 192.168.1.(X)1
11. Leave the default port 40815
12. Enter the shared secret collected during task 1. Click the Test button. You should see a green
check mark in status. This will only test communication to the console, not key validity.
13. Click Next and then Finish.

Note: It can take 15-30 minutes for the initial connection to naturally establish between the Engine and Console. To
connect an engine manually:
From the Nexpose Console, select Administration from the navigation menu, then Manage under the Engines
section, click the New Engine button and add the name Distributed Engine and the IP address.

End of this lab. Stop for now.

11
Lab 8: Credential Management and Policy Scanning

Task 1: Site Specific Credentials - Windows Credentials


1. From the Home Page, Open the Middle East - HQ site.
2. Click Manage Site.
3. Click the Authentication Tab and add a new Credential.
4. Name the new credential Windows.
5. Enter a description.
6. Select Account on the left-hand navigation.
7. Select Microsoft Windows/Samba (SMB/CIFS) from the dropdown list.
8. For the username, enter administrator. For the password, enter @1234Pass
9. Expand the Test Credentials section.
10. In the hostname field enter 192.168.1.(X)5. Leave the Port blank.
11. Click the Test Credentials button.
12. Wait for the Authentication succeeded message.
13. If authentication fails, double check the username and re-enter the password.
14. Click Create at the bottom of the page.

Task 2: Shared Credentials - SSH Credentials


1. From the console, select Administration from the navigation menu.
2. Under the Scan Options | Shared Credentials section of the Administration page, select create.
3. Name the new credential Ubuntu Policy Scanning.
4. Click Account on the left-hand navigation.
5. Select Secure Shell (SSH) from the Service dropdown list
6. For the username, enter nexpose. For the passwords, enter @1234Pass
7. Expand Permission Elevation, choose sudo as elevation type.
8. For the username, enter nexpose. For the passwords, enter @1234Pass
9. Under Site Assignment, choose Assign these credentials to all current and future sites.
10. Click Save. There is no need to Test Credentials. You have used them already on 192.168.1.(X)0.
11. Navigate to the Home page and open the Middle East - HQ Site, under Manage Site make sure that the new
credential appears under Authentication.
12. Click Save and Scan in the upper right-hand corner. When the scan completes, we will be able to do
a Baseline Comparison report.
End of this lab. Stop for now.

12
Lab 9: Exception Handling
Task 1: Submit an Exception
1. Click the Home icon. Make mental note of the cumulative risk score in your console.
2. Select Middle East - HQ site.
3. From within the site, select an asset with multiple vulnerabilities (instances).
4. Click any asset to open and scroll down to the vulnerabilities.
5. Choose any vulnerability and click Exclude in the far right-hand column.
6. In the vulnerability exception window, choose a Scope.
7. Under Reason for field, select Acceptable Risk.
8. In the comments field, enter This vulnerability cannot be remediated due to a
business requirement.
9. Click the Submit button.
10. Observe the icon and text in the Exceptions column changed from Exclude to Under Review

Task 2: Approve/Reject an Exception Submission


1. From the console, select Administration from the navigation menu.
2. Under the Exceptions and Overrides section, select Review.
3. Notice the recently submitted exception with the status Under Review.
4. Click Under Review.
5. Enter comments in the Reviewer’s Comments field.
6. Set an expiration date of six months from today.
7. Select Approve.
8. Observe that the Review status has changed to Approved by user(X).
9. Navigate to the vulnerability page and observe the vulnerability is no longer listed in the Vulnerabilities.
10. Click the Home icon. Note how the cumulative risk score decreased.
End of this lab. Stop for now.

13
Troubleshooting Challenge

Answer the following questions.

Q: What version is this product?

Q: What is the command to update the console via CLI (command line interface)?

Q: What is the command to see the details of the console/host?

Q: What is the default length time to keep scan information?

Q: Where would you find the logs for the past history scans?

Q: Is asset linking turned on?

Q: What is the default modification value of a high criticality tag?

Q: Run the diagnose tool. What OS are you on?

Q: Can you check for updates upon startup? Where do you make sure those are turned on?

Q: Where would you start a backup and/or restore?


End of Challenge. Stop for now.

14
Lab 10: Risk Score
Task 1: Risk Score Adjustment
1. From the console, select Administration from the navigation menu.
2. From the Global and Console Settings | Global section of the Administration Page, select Manage.
3. Select the Risk Score Adjustment configuration page from the left-hand navigation.
4. Check the box next to Adjust asset risk scores based on criticality.
5. Make note the Risk Score Modifier values.
6. Click Save.
7. Click the Home icon.
8. Scroll down to the Asset Tags section
9. Locate the Criticality assets tags.
10. Select a tag (beside medium) that has tagged assets associated with it.
11. Click an asset with a Criticality tag applied.
12. Observe the Original risk score and the Context-Driven risk score with the modifier applied.

Task 2: Change the Risk Strategy


1. From the console, select Administration from the navigation menu.
2. From the Global and Console Settings | Global section of the Administration Page, select Manage.
3. Change the Risk Strategy from Real Risk to Temporal.
4. Change the Historical data to recalculate the Entire history.
5. Click Save.
End of this lab. Stop for now.

15
Lab 11: Manage Reports
Task 1: Create a Report Template (Document)
1. From the console, select Reports from the navigation menu.
2. Select Manage report templates.
3. Click the New button to create a new report template.
4. Enter the name ‘Document Report Template’.
5. Enter a brief description.
6. For the Template Type, keep the default selection of ‘Document (PDF, HTML, RTF)’.
7. Leave the Vulnerability Details setting as ‘Complete’.
8. Under Preferences, select Display Asset Names and IP Addresses.
9. In the ‘Select sections to include in the template’ section, select the following report sections by
selecting the specific section name, then click the Add button:
a. Cover Page
b. Table of Contents
c. Executive Summary
d. Baseline Comparison (using the two scans we have completed on Day One and Day Two)
e. Discovered Vulnerabilities
f. Vulnerability Exceptions
10. Click Save.
Note: with the selection of ‘Cover Page’, ‘Baseline Comparison’, and ‘Executive Summary’ sections,
options at the bottom of the page appear for each section.

Task 2: Create a Report Document Report


1. From the console, select Reports from the navigation menu.
2. Select Create a report.
3. Name the New Report ‘Nexpose Training’.
4. From the Scan Template Thumbnails, find and select the template named Document Report
Template. (From Task 1)
5. Select the File Format as HTML.
6. Under ‘Scope’, select the + icon for ‘Select Sites, Assets, Asset Groups or Tags’.
a. On the ‘Select Report Scope’ screen, select two sites to include in the report.
b. Click Done to return to the main ‘Create a Report’ screen page.
7. Under Frequency, configure the report to run on the 1st of every month (at 12:01 am) by selecting Run
a recurring report on a schedule.
Task continues next page

16
8. Click the Configure Advanced Settings hyperlink.
9. Expand the Access Section
a. Under the Report Viewer List, Click Add users.
b. Select Win-User user that has been created on the system.
c. Click Done.
10. Expand the Distribution Section
a. Select the checkbox for Send to users on a report access list
b. For the ‘Attach report file as’ option, select File
c. Click Save the report
11. On the View Reports tab, mouse over ‘Nexpose Training’. (You may have to navigate to another
page on the report list).
12. Click the dropdown menu to the left of the report name and select Run.
13. Once the report is complete, view the report by clicking on your report.
End of this lab. Stop.

17
Appendix A: Practice Exam
THIS IS FOR REVIEW AFTER THE COURSE IS COMPLETED. PLEASE STOP HERE FOR NOW.

Nexpose Certified Administrator Answer Key

1. What permissions listed allow a user to view vulnerability data for a site named ‘HQ’? (Select all that
apply)
a. A role that allows View Site Asset Data and access to the ‘HQ’ site
b. A role that allows View Group Asset Data and access to the ‘HQ’ site
c. Everyone can see vulnerability findings if they have access to the site ‘HQ’
d. Global Administrator access
e. None of the above

2. Why is it recommended to use valid credentials for vulnerability scans?


a. To obtain maximum accuracy and visibility into vulnerability findings.
b. To confirm the NSC users identify before scanning
c. To ensure a secure session between the NSE and the host(s)
d. For logging and accountability purposes

3. When sending your diagnostic information to support.rapid7.com you are doing it over a TLS-encrypted
session over port 443.
a. True
b. False

4. The default risk model for Nexpose is ________________.


a. Weighted risk
b. Real risk
c. Temporal risk
d. PCI ASV 2.0 Risk

5. To edit a built-in scan template you would:


a. Edit the template directly
b. Delete and re-create the template
c. Copy and paste the template into a new site
d. Copy the template, make changes, and save as a new template, leaving the old as-is

6. If the error message "Not enough memory to complete scan" occurs during a scan, which of the
following actions should be considered?
a. Run fewer simultaneous scans
b. Lower the number of scan threads allocated by your scan template
c. Power off the console
d. Both A and B
e. Both A and C

18
7. What is the minimum system RAM requirement (in GB) for Nexpose console installations?
a. 32 GB
b. 4 GB
c. 16 GB
d. 12 GB
e. 8 GB

8. Which of the following report data export formats can Nexpose output?
a. CSV Export
b. XML Export
c. Database Export
d. CyberScope XML Export
e. All of the above

9. You have configured a scan for a class C network with the asset scope of 192.168.1.0/24, used the
built in scan template named ‘Full Audit’, and enabled syslog alerts to your SIEM at 10.1.4.2. You have
scheduled the scan to run monthly. Your scan has completed as scheduled, but your Policy Evaluation
report has no data. What is the likely cause?
a. The Full Audit template does not include Policy checks.
b. The Syslog alerts are not being delivered correctly.
c. The scan has likely failed.
d. You have input the scope incorrectly.

10. What URL would you use if trying to reach a remote Nexpose install on another server?
a. http://servername/nsc:3780
b. https://localhost:3780
c. https://serverIPaddress:3780
d. https://serverIPaddress:40814

11. You have a single dual-processor Nexpose console with 8GB of RAM. You currently have no additional
scan engines installed. You are attempting to scan 12 class C networks. Your scans seem to be failing
and you are seeing ‘out of memory’ errors entries in the console log. What is the BEST course action
that you should take to resolve the issue?
a. Increase the console's RAM.
b. Deploy Remote Scan Engines and offload scans from the console.
c. Increase available memory by stopping unnecessary services.
d. Spread your scans over a longer period.

12. Specify the devices to which you can apply custom tags: (Select all that apply)
a. An individual asset
b. Asset groups
c. Sites
d. Reports
e. Scan templates

19
13. Performing a filtered asset search is the first step in creating what type of asset groups? (select all that
apply)
a. Full
b. Asset
c. Dynamic
d. Site

14. Which of the following is a factor in the determination of vulnerability severity levels?
a. Temporal Scores
b. CVSS Scores
c. Weighted Scores
d. SANS Vulnerability Scores

15. Match the following log names to the proper description:

File Name Description


1. access.log a. scan engine system and application level events
2. auth.log b. memory-intensive operations, such as scanning and
reporting
3. nsc.log c. resources that are being accessed such as pages in the
Web interface
4. nse.log d. maintenance mode activity
5. mem.log e. logon or logoff, authentication failures, account lockouts

1 = c, 2 = e, 3 = d, 4 = a, 5 = b

20
Appendix B: Change Log
Version Updates
18.4.1 Updated logo
IP addressing correction
18.4.2 Updated supported OS to include Windows Server 2016
Updated RESTful to v3
18.5.0 Lab updated to 6.5.17
Updated/Corrected IP addresses
Added Troubleshooting Challenge per TechSupport
18.6.0 Rearrange Lab 9
18.7.0 Updated Screenshot Lab 7
18.8.0 Updated LabGuide
18.10 Update Policies and screenshots
18.11 Added Remediation Lab 5
18.12 Updated to 6.5.42
19.1 Added Email to User Creation
19.2 Change Template and update CVSSv3
19.5 Updated to 6.5.48
19.6 Testing Changes to Cybrary Instructions and new Feedback Link
19.8 Updated Lab, Lab Guide and Slide Deck.
19.10 Updated Lab
20.03.01, 27 Mar 2020 Updated Nexpose database to current version. Updated lab VMs and lab
guide to align with the new lab provider. Updated instructions for clarity
and alignment with current style guide.
20.05.01, 21 May 2020 Updated exam instructions in the slide deck.
20.06.01, 29 June 2020 Removed references to virtual appliances as these are not recommended
for production.

21

You might also like