InsightVM

Certified Administrator
Lab Guide
20.08.01

DISCLAIMER: Unless otherwise indicated, this lab guide and its design, text, content, selection and arrangement of elements, organization, graphics, design, compilation, digital conversion and other
matters related to this document are protected under applicable copyrights, trademarks and other proprietary (including, but not limited to, intellectual property) rights and are the property of Rapid7 LLC or
the material is included with the permission of the rights owner and is protected pursuant to copyright and trademark laws. ALL RIGHTS RESERVED. If you have any questions about the use of this
material, please contact education_services@rapid7.com.

V.20.08.01 1
 Table of Contents
Table of Contents 2
Understanding this Document 3
Lab Ecosystem 3
Lab 1: Create a Custom Scan Template 5
Lab 2: Creating Static Sites/Launching a Scan 6
Lab 3: Asset Groups 7
Task 1: Create a Static Asset Group 7
Task 2: Create a Dynamic Asset Group 7
Lab 4: Real Context 8
Task 1: Tag an Individual Asset 8
Task 2: Tag Assets in a Site 8
Task 3: Tag Assets in an Asset Group 8
Lab 5: Remediation and Scanning 9
Lab 6: Automated Actions 10
Lab 7: Troubleshooting Challenge 11
END DAY ONE 11
Lab 8: Installing a Scan Engine 12
Task 1: Get the Shared Secret 12
Task 2: Install the Engine 12
Lab 9: Credential Management 13
Task 1: Shared Credentials - SSH Credentials 13
Task 2: Site Specific Credentials - Windows Credentials 13
Lab 10: Exception Handling 14
Task 1: Submit an Exception 14
Task 2: Approve/Reject an Exception Submission 14
Lab 11: Risk Score 15
Task 1: Risk Score Adjustment 15
Task 2: Change the Risk Strategy 15
Lab 12: Manage Reports 16
Task 1: Create a Report Template (Document) 16
Task 2: Create a Document Report 17
Lab 13: InsightVM Dashboards, Queries, Goals & Projects 18
Task 1: Create a Dashboard 18
Task 2: Create a Query 18
Task 3: Create a Project 19
Task 4: Setting Goals 20
Appendix A: Practice Exam Questions 21
Appendix B: Change Log 24

2
Understanding this Document
To better understand the Rapid 7 Lab Guide instructions, please note the following:

This font style is instructional and provides direction in the lab.

Any text entered in a bold font indicates that you will be clicking on a button, menu, drop down or
item.

(Any text entered in italics inside parenthesis are considered special instructions, tips, or best practices that
may not be specific instructions.)

Any text entered in this Courier font indicates that you will be typing the
text into a form, field, or command line interface.

‘Any text entered in italics inside a single quote indicates that the student should be looking for this item,
section, or heading to continue the exercise steps.’

3
Lab 1: Create a Custom Scan Template
For this lab, open the IVM Console virtual machine in your training environment.
1. Open a Firefox web browser to log in to the InsightVM console.

a. If the console is not the home page, navigate to https://192.168.1.(X)1:3780

b. Username: user(X), Password: pa$$word(X)

2. From the console, select Administration from the navigation menu.

3. On the Scan Options | TEMPLATES section select manage.

4. Locate the Full Audit without Web Spidering scan template. Click the Copy icon in this row.

5. Change the name of the template to Full Audit with Modifications.

6. Clear the current description and enter some text as the new description.

7. Uncheck Policies.

8. Configure your template with the following parameters: For any sections not mentioned, leave the
default settings. Note: Clicking any of the individual sections on the left menu will navigate through the
various template sections.

a. GENERAL

i. Change the number of simultaneous assets per Scan Engine from 10 to 15.

ii. Check Enhanced logging (useful for troubleshooting).

b. ASSET DISCOVERY

i. Discover assets with ICMP, ARP and TCP protocols. Uncheck UDP.

ii. Enable Do not treat TCP reset responses as live assets.

iii. Change Minimum Certainty to 0.25

c. SERVICE DISCOVERY

i. Change TCP Scanning Port to scan to All possible ports (1-65535).

d. DISCOVERY PERFORMANCE

i. Change the Maximum packets per second rate to under 10,000.

9. Save the template by clicking the SAVE button in the upper right area.

5
Lab 2: Creating Static Sites/Launching a Scan
For this lab, continue working from the Browser in the IVM Console virtual machine.
1. From the Security Console, select the Home link on the navigation menu to get to the home page.
2. Under the Sites section click the CREATE SITE button.
3. Configure the site with the following parameters: Note: Clicking the individual sections at the top (Info &
Security, Assets, etc.) will navigate through the various configuration sections. Each section may have
multiple configuration pages. You can navigate these using the top navigation.
a. INFO & SECURITY
i. Name the Site US Central Site.
b. ASSETS
i. In the INCLUDE section, enter the range 192.168.1.0/24
ii. In the EXCLUDE section, enter the address 192.168.1.1
c. TEMPLATES
i. Select the Full audit with modifications template you created in Lab 1.
d. ALERTS
i.
Locate CREATE ALERT link and click on it.
ii.Name your alert as US Central Site Failure
iii.The alert should only occur only if the scan fails.
1. Maximum Alerts to Send: 5
iv. Create an email alert with the following settings:
1. Recipient E-mail Addresses: user(X)@spirelab.local
2. From E-mail address: ivm-0(X)@spirelab.local
3. SMTP Relay Server: 192.168.1.201
v. You must click SAVE in this dialog box, as it will not save when you go to the next tab.
e. SCHEDULE
i. Click Create Schedule and name your schedule MonthlyScan
ii. Enter Start date and time to 09:00 PM Pacific on the 10th of next month.
iii. Set Frequency to Every 10th of the Month
iv. Set Duration to 3 hours 30 minutes
v. Set Reaches Duration to continue the scan where it previously stopped
vi. Click SAVE to commit your new schedule.
4. Click SAVE AND SCAN in the upper right to save your site configuration and start a scan. You may
get a popup asking, “Are you sure you want to SAVE AND SCAN?” Click Save & Scan.
5. Click the Home link on the navigation menu and monitor status under the Current Scans for All Sites
pane. This should auto refresh every few seconds.

Challenge: Create a site for 192.168.1.202 – 192.168.1.210, excluding 192.168.1.204, name the
site ‘DataCenter’ and use the Penetration test template.

6
Lab 3: Asset Groups
For this lab, continue working from the Browser in the IVM Console virtual machine.
Task 1: Create a Static Asset Group
1. Click the Create button in the top menu, select Asset Group
2. Change the Filter criteria to OS contains Ubuntu.
3. Click the + to add another filter criterion.
4. Create a second filter Open Port Number is 22.
5. Click the SEARCH button.
6. Scroll down to verify you have matching assets.
7. Leave type as Static and name the new asset group Ubuntu SSH.
8. Enter a brief description
9. Click SAVE.
10. Verify the new asset group is displayed in the asset group listing, and that it is static.

Task 2: Create a Dynamic Asset Group

1. Click the Create button in the top menu, select Dynamic Asset Group.
2. Create a filter with the following criteria:
a. OS contains Windows
b. Vulnerability Title contains SMB
3. Click SEARCH
4. After the search returns results, select CREATE ASSET GROUP.
5. Name the asset group Windows SMB Vulnerabilities.
6. Enter a brief description
7. Click SAVE

This group will change over time. New Assets that meet the criteria (from step 2) will be added to the
group with each scan.

Challenge: Create a dynamic asset group that lists assets with a vulnerability that has a CVSS score of
7.4 or higher.

7
Lab 4: Real Context
For this lab, continue working from the Browser in the IVM Console virtual machine.
Task 1: Tag an Individual Asset
1. Click the search (magnify glass) icon in upper right.
2. Enter 192.168 and click the magnifying glass to bring up the search page.
3. Locate and click the IP address 192.168.1.1(X)3.
4. From the right side of the page, under User-added Tags, click Add tags.
5. Click the CRITICALITY tab and select Low from the TAG NAME dropdown menu, then click ADD.
6. Click the Locations tab and in the TAG NAME field, type London and click ADD.
7. Select CUSTOM TAGS and enter XP, select a tag color, and click ADD.
8. Verify that the tags for custom, criticality and location have been added. These are viewable in the
User-added section of the asset view.

Task 2: Tag Assets in a Site

1. From the Home page, scroll down to the SITES section, locate US Central Site created earlier. Do not
click the site name.
2. Click the Edit (pencil) icon in the row with US Central Site.
3. From the INFO & SECURITY page, User-added Tags section, select Add tags.
4. In the CUSTOM TAGS, enter a new TAG NAME: Custom Network.
a. Select a TAG COLOR if desired. Click ADD.
5. Click the SAVE button in the upper right corner to save the site. Do not Save & Scan at this point.
6. Verify that assets in the site inherit the new tag Custom Network.

Task 3: Tag Assets in an Asset Group

1. Click Home from the navigation menu.
2. In the ASSET GROUPS section, open the Windows SMB Vulnerabilities asset group.
3. Click Edit Asset Group.
4. Click Add tags.
5. Add a CRITICALITY tag of Very High to the asset group. Click the ADD button to apply this change.
6. Click SAVE to finish creating the asset group.

Challenge: Tag assets that have a SMB Vulnerability.

8
Lab 5: Remediation and Scanning
For this lab, continue working from the Security Console in the IVM Console virtual machine.
1. Click Home from the navigation menu.
2. Open the US Central Site. Scroll down to Assets and click the IP address 192.168.1.1(X)0.
3. The most severe Vulnerability with a CVSS score of 7.3 is SMB signing disabled.
4. The pill icon on the last column to the right is a link to vulnerability and remediation information.
a. Note that guidelines for resolution are included. Browse these at your convenience.
5. Open the Windows Server 2008 R2 Baseline machine.
6. If prompted to log in, use the Administrator password: @1234Pass
7. Open the Powershell window by clicking on the icon on the taskbar.
8. Run the following command:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
9. Notice that SMB1 and SMB2 protocols are enabled with True. As with the case of many older
protocols, SMB1 has proven to be highly insecure. This was clearly demonstrated with WannaCry and
Petya.
10. To disable SMB1, run the following command:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
11. To confirm, press Y to confirm.
12. Rerun Line #9 to verify that SMB1 is False and SMB2 is True.

13. Navigate to the IVM Console to scan for the vulnerability you just fixed.
14. From the Home page, locate the US East site and click the Scan Now button (target icon).
15. Name the scan Remediation Check and keep all other defaults.
16. Click Start Now. The scan will take approximately 2 minutes. Notice the vulnerabilities left after
remediating SMB version 1.

9
Lab 6: Automated Actions
For this lab, continue working from the browser in the IVM Console virtual machine.
1. Click the Automated Actions icon in the navigation menu.

2. Click the New Action button. This is the circle with the + inside.

3. Select New vulnerability coverage available as the trigger.

4. In the Filter By drop-down list select CVSS score.

5. Enter a variable of Is Higher than and a value of 7.4.

6. Click NEXT.

7. Select an action from the drop-down list. With new vulnerabilities, the only available action is Scan for
new vulnerabilities. Select it.

8. Select a site to scan for the new vulnerabilities.

9. Click NEXT.

10. Name your action CVSS Critical or higher.

11. Click SAVE.

10
Lab 7: Troubleshooting Challenge
Answer the following questions:

Q: What version is this product?

Q: What is the command to update the console via CLI (command line interface)?

Q: What is the command to see the details of the console/host?

Q: What is the default length time to keep scan information?

Q: Where would you find the scan logs in the GUI and how many do you have?

Q: Is asset linking turned on?

Q: What is the default modification value of a high criticality tag?

Q: Run the diagnose tool. What OS are you using?

Q: Can you check for updates upon startup? Where do you make sure those are turned on?

END DAY ONE

11
Lab 8: Installing a Scan Engine
For this lab, use the Console virtual machine. You will also browse to https://192.168.1.(X)1:3780
from this VM. Note: Linux commands are case sensitive.
Task 1: Get the Shared Secret
1. Open the IVM Console.
2. Log in to Security Console https://192.168.1.(X)1:3780.
1. Username is user(X) and the password is pa$$word(X).
3. Select Administration from the navigation menu, under Scan Options, select Manage under the
Engines section.
4. Click the Generate Button; highlight and copy the generated code.

Task 2: Install the Engine

1. Use the SSH Client to open a terminal session.
2. Issue the list command ls to display the files in this directory. The install file Rapid7Setup-
Linux64.bin will be listed as one of the files.
3. Change the properties of the install file to allow execution of the binary. Type:
sudo chmod +x Rapid7Setup-Linux64.bin, then press the Enter key. When prompted, enter
the root password, @1234Pass
Note: There is no success message. The command prompt displays again. If you type ‘ls’ again, you
will see the file is in green – ready for execution.
4. Type sudo ./Rapid7Setup-Linux64.bin to run the installer. This will launch the GUI install
wizard.
5. Click Next at the Welcome Screen.
6. Change Type and Destination to Scan Engine only. Click Next.
7. Under Account details, type in your first name, last name and company. Click Next.
8. Make sure the Initialize and start after installation box is checked and click Next.
9. The next Installation screen will ask for Console details. Enter IP address: 192.168.1.1(X)
10. Leave the default port 40815
11. Enter the shared secret collected during task 1. Click the Test button. You should see a green
check mark in status. This will only test communication to the console, not key validity.
12. Click Next and then Finish.
13. Issue the sudo reboot command to restart the virtual machine.
After the reboot, you can check the status with the following command in the terminal window:
systemctl status nexposeengine.service
You should see Active: active (running) near the top of the results.
On some systems, you may need to use systemctl start nexposeengine.service if the engine is not running.

Note: It can take 15-30 minutes for the initial connection to naturally establish between the Engine and Console. To
connect an engine manually:

12
Lab 9: Credential Management
For this lab, use the IVM Console virtual machine and browse to https://192.168.1.(X)1:3780.
Task 1: Shared Credentials - SSH Credentials
1. From the InsightVM console, select Administration from the navigation menu.
2. Under the Scan Options | SHARED CREDENTIALS section, select Create.
3. Name the new credential SSH. Enter a description.
4. Click on ACCOUNT from the left-hand options.
5. Select Secure Shell (SSH) from the Service dropdown list
6. For the username, enter msfadmin. For the password, enter msfadmin.
7. Expand the Test Credentials section. Select Local Scan Engine from the Scan Engine dropdown list.
8. In the Host name/IP address field enter 192.168.1.204. Leave the Port blank.
9. Click the TEST CREDENTIALS button and wait for the ‘Authentication succeeded’ message.
10. If authentication fails, double check the username and re-enter the password.
11. Under SITE ASSIGNMENT, check Assign these credentials to all current and future sites.
12. Click SAVE.

Task 2: Site Specific Credentials - Windows Credentials

1. From the Home page, Open the US Central site and click MANAGE SITE.
2. Click the AUTHENTICATION Tab and add a new Credential.
3. Name the new credential SMB.
4. Select Account on the left-hand options. Select Microsoft Windows/Samba (SMB/CIFS) from the
dropdown list.
5. For the username, enter administrator. For the password, enter @1234Pass.
6. Expand the Test Credentials section. Use local scan engine.
7. In the Host name/IP address field enter 192.168.1.(X)5. Leave the Port blank.
8. Click the TEST CREDENTIALS button. And wait for the ‘Authentication succeeded’ message.
9. If authentication fails, double check the username and re-enter the password.
10. Click SAVE.

13
Lab 10: Exception Handling
For this lab, use the IVM Console virtual machine and browse to https://192.168.1.(X)1:3780
Task 1: Submit an Exception
1. Click the Vulnerabilities icon on the navigation menu.
2. Change the CVSS scores to sort in ascending order by clicking on the CVSS column title.
3. Choose any low risk vulnerability and click on Exclude in the far right-hand column.
4. In the Vulnerability Exception window, chose any scope.
5. Under Reason for field, select Acceptable Risk.
6. In the Additional comments field, enter an acceptable use reason.
7. Enter a date in the future.
8. Click the SUBMIT button.
9. Observe the icon and text in the Exceptions column changed from ‘Exclude’ to ‘Under review’

Task 2: Approve/Reject an Exception Submission

1. From the console, select Administration from the navigation menu.

2. Under the Exceptions and Overrides section, click Review.

3. Notice the recently submitted exception with the status ‘Under review’. Check the checkbox next to the
item.

4. Click the Review button.

5. Enter comments in the Reviewer’s Comments field.

6. Set an expiration date of six months from today.

7. Click APPROVE.

8. Observe that the Review status has changed to “Approved by XXX”.

14
Lab 11: Risk Score
For this lab, use the IVM Console virtual machine.
Task 1: Risk Score Adjustment
1. From the console, select Administration from the navigation menu.
2. From the Global and Console Settings | Global section, select Manage.
3. Select the RISK SCORE ADJUSTMENT configuration page from the left-hand options.
4. Check the box next to Adjust asset risk scores based on criticality.
5. Make note the Risk Score Modifier values.
6. Click SAVE.
7. Click the Home icon.
8. Scroll down to the Asset Tags section
9. Locate the Criticality assets tags. Select a tag (beside medium) that has tagged assets associated with
it.
10. Click on an asset with a Criticality tag applied.
11. Observe the Original risk score and the Context-Driven risk score with the modifier applied.

Task 2: Change the Risk Strategy

1. From the console, select Administration from the navigation menu.
2. From the Global and Console Settings | Global section, select Manage.
3. Change the Risk Strategy from Real Risk to Temporal.
4. Change the Historical data to recalculate the Entire history.
5. Click Save.

15
Lab 12: Manage Reports
For this lab, use the IVM Console virtual machine.
Task 1: Create a Report Template (Document)
1. From the console, select Reports from the navigation menu.
2. Select Manage report templates.
3. Click the NEW button to create a new report template.
4. Enter the name Document Report Template. Enter a brief description.
5. For the Template TYPE, keep the default selection of Document (PDF, HTML, RTF).
6. Leave the Vulnerability DETAILS setting as Complete.
7. Under Preferences, select Display asset names and IP addresses.
8. In the ‘Select sections to include in the template’ section, select the following configurable report
sections by selecting the specific section name, then click the Add button:
a. Cover Page
b. Table of Contents
c. Executive Summary
d. Baseline Comparison
e. Discovered Vulnerabilities
9. Click Save.
Note: with the selection of ‘Cover Page’, ‘Baseline Comparison’, and ‘Executive Summary’ sections,
options at the bottom of the page appear for each section.
Continue to Task 2, next page.

16
Task 2: Create a Document Report
1. From the console, select Reports from the navigation menu.
2. Select Create a report.
3. Name the New Report Training1.
4. From the Scan Template Thumbnails, find and select the template named Document Report
Template. (From Task 1)
5. Select the File format as HTML.
6. Under ‘Scope’, select the + icon for ‘Select Sites, Assets, Asset Groups or Tags’.
a. On the ‘Select Report Scope’ screen, select a site to include in the report.
b. Click DONE to return to the main ‘Create a Report’ screen page.
7. Under Frequency, configure the report to run on the 1st of every month (at 12:01 am) by selecting Run a
recurring report on a schedule.
8. Click the Configure Advanced settings… hyperlink.
9. Expand the Distribution section
a. Select the checkbox for Send to users on a report access list
b. For the ‘Attach report file as’ option, select File. Click SAVE THE REPORT.
10. On the View Reports tab, mouse over ‘Training1’. (You may have to navigate to another page on the
report list).
11. Click the dropdown menu to the left of the report name and select Run
12. Once the report is complete, view the report by clicking on the report name Training1.

17
Lab 13: InsightVM Dashboards, Queries, Goals & Projects
Task 1: Create a Dashboard
1. From the console, select Dashboard from the navigation menu.

2. To the right of the Default Dashboard, click the copy button. Name the new dashboard
Analyst Dashboard_ followed by your initials. Click OK.

3. Delete the card for Assets Running Obsolete Operating Systems.

4. Drag “Assets with Critical Risk Vulnerabilities” to the upper right-hand corner.

5. In the upper right-hand corner, click the Add Card button. Choose 1 new card in any category.
Scroll to the bottom of the page and to click Add.

Task 2: Create a Query

1. Navigate back to the Dashboard.

2. Locate the ‘Assets with Critical Risk Vulnerabilities’ card and click on Expand Card.

3. Click the Add Criteria button.

4. Type skill, the item vulnerability.skillLevel appears below the box. Click = from the options
that appear on the right.

5. Select novice from the dropdown to the right of the comparison operators.

6. Click the Apply button.

7. Click Save in the upper right, Save as New Card.

8. Name the card Novice Exploitable Vulns. Name the new filter: Novice
Exploitable Vulns Filter followed by your initials.

9. Click Close to return to the Dashboard to view your new card.

Continue to Task 3, next page.

18
Task 3: Create a Project
1. On the navigation menu, click Projects.

2. Click Create a Project in the upper right.

3. Name this project Critical Risk Assets. Add your initials to the end of the project name.

4. Click Save and Continue.

5. Keep the Static project type, click Add Criteria.

6. Apply the Asset Filter: asset.ipv4 BETWEEN 192.168.1.(X)0 and 192.168.1.(X)9.

Click Apply then click Add Criteria again.

7. Create the Vulnerability Filter: vulnerability.cvssScore > 7.5. Apply the filter.

8. Click Save and Continue.

9. Assign this Project to user(X). Click Save and Continue.

10. Make this project due in 1 month. Click Save and Continue.

11. Review your settings, then Save and Complete the Project.

Look for the green bar at the top of the page that informs you that the project was created
successfully and Click here to view your new project. OR navigate to Projects from the menu on
the left. You may see a warning banner that informs you it may take several minutes for your
projects to be fully populated with solutions.

12. Click the project you just created Critical Risk Assets_XXX. The Project Overview will slide out
from the right side of the screen and can be minimized or maximized by clicking on the greater
than sign (>) or the less than sign (<).

13. Open the first solution by clicking on the solution itself. Click the check mark within the circle to
view the solution. Close the window.

14. When you have “remediated” a vulnerability, check the box next to the solution listed. Click
Update Status. Select Awaiting Verification as your updated status. Verification will occur
during the next scan.

Continue to Task 4, next page.

19
Task 4: Setting Goals
1. In the navigation menu, click the Goals icon.

2. In the next screen, click + New Goal in the upper right corner or at the bottom of the image.
This action will launch the wizard to create a goal. *There are recommended goals.

3. Select SLA. Click Continue in the upper right.

4. Click the Load Query button in the Goal Scope. Choose the Vuln Novice filter you created in
Task 2. Click Continue in the upper right.

5. On the Set Conditions page, set criteria as follows:

vulnerability.skillLevel DOES NOT CONTAIN ‘novice’ within 5 days of discovery.

6. Name the Goal: Novice Vulnerabilities and your initials and assign it to your dashboard.

7. Click Finish button in the upper right.

20
Appendix A: Practice Exam Questions
1. Agents are managed and downloaded through the InsightVM Dashboard.
a. True
b. False
2. Why is it recommended to use valid credentials with vulnerability scans?
a. To obtain maximum accuracy and visibility into vulnerability findings.
b. To confirm the Console users identity before scanning
c. To ensure a secure session between the Engine and the host(s)
d. For logging and accountability purposes
3. When sending your diagnostic information to support.rapid7.com you are doing it over a TLS-
encrypted session over port 443.
a. True
b. False
4. The default risk model for InsightVM is:
a. Weighted risk
b. Real risk
c. Temporal risk
d. PCI ASV 2.0 Risk
5. To edit a built-in scan template, you would:
a. Edit the template directly
b. Delete and re-create the template
c. Copy and paste the template into a new site
d. Copy the template, make changes, and save as a new template, leaving the old
as-is
6. If the error message "Not enough memory to complete scan" occurs during a scan, which of
the following actions should be considered?
a. Run fewer simultaneous scans
b. Lower the number of scan threads allocated by your scan template
c. Power off the console
d. Both A and B
e. Both A and C

21
7. What is the minimum RAM system requirement (in GB) for InsightVM console installations?
a. 32
b. 4
c. 16
d. 12
e. 8
8. Which of the following report data export formats can InsightVM output?
a. CSV Export
b. XML Export
c. Database Export
d. CyberScope XML Export
e. All of the above
9. Project metrics are ________________ updated as vulnerabilities are found not to exist
anymore, so that you can fully visualize the achievements of your remediation teams.
a. automatically
b. never
c. sometimes
d. seldom
10. What URL would you use if trying to reach a remote InsightVM install on another server?
a. http://servername/Console:3780
b. https://localhost:3780
c. https://serverIPaddress:3780
d. https://serverIPaddress:40814
11. You have a single dual-processor InsightVM console with 8GB of RAM. You currently have no
additional scan engines installed. You are attempting to scan 12 class C networks. Your scans
seem to be failing and you are seeing ‘out of memory’ errors entries in the console log. What
is the BEST course of action that you should take to resolve the issue?
a. Increase the console's RAM.
b. Deploy Remote Scan Engines and reassign scans to the engines
c. Increase available memory by stopping unnecessary services.
d. Spread your scans over a longer period.

22
12. Specify the items to which you can apply custom tags: (Select all that apply)
a. An individual asset
b. Asset groups
c. Sites
d. Reports
e. Scan templates
13. Performing a filtered asset search is the first step in creating what type of asset groups?
a. Full
b. Asset
c. Dynamic
d. Site
14. Which of the following is a factor in the determination of vulnerability severity levels?
a. Temporal Scores
b. CVSS Scores
c. Weighted Scores
d. SANS Vulnerability Scores

23
Appendix B: Change Log

Version Updates
18.4.1 Updated logo
Updated Lab 13, Task 3
18.6.0 Updated Challenges
18.7.0 Corrected Specifications
18.8.0 IPIMS Integration
18.9.0 Added Remediation Workflow
18.9.1 Edit Templates
18.11 Update OS
18.12 Goals – Time Bound and Continuous
19.1 Edited Goals and Agent
19.2 Updated template
19.4 Removed Users, updated Topology with Agents/Collectors
19.6 Updated Insight Platform Query & Test Link
19.10 Updated all Labs
20.03.01 Updated lab guide for style and readability. Removed md5
checksum task. Updated Dashboard lab. Revised for CloudShare
use vs Ravello.
20.04.01 Updated reference information
20.04.02 Fixed typo in reference information
20.05.01 Updated exam instructions in the slide deck.
20.06.01, 29 Jun 2020 Removed references to virtual appliance from the slide deck as
these are not recommended/supported for production.
20.08.03, 3 Aug 2020 Fixed incorrect passwords in virtual environment section.

24