Question 2 - Isaca CCOA Real Exam Questions [Feb 2026 Update]

Q: 2

SIMULATION For this question you must log into Greenbone Vulnerability Manager using Firefox. The URL is: https://10.10.55.4:9392 and credentials are: Username: admin Password: Secure-gvm! A colleague performed a vulnerability scan but did not review prior to leaving for a family emergency. It has been determined that a threat actor is using CVE-2021-22145 in the wild. What is the host IP of the machine that is vulnerable to this CVE?

Your Answer

Correct Answer:

See the solution in

Explanation

Explanation:

To determine the host IP of the machine vulnerable to CVE-2021-22145 using Greenbone

Vulnerability Manager (GVM), follow these detailed steps:

Step 1: Access Greenbone Vulnerability Manager

Open Firefox on your system.

Go to the GVM login page:

URL: https://10.10.55.4:9392

Enter the credentials:

Username: admin

Password: Secure-gvm!

Click Login to access the dashboard.

Step 2: Navigate to Scan Reports

Once logged in, locate the "Scans" menu on the left panel.

Click on "Reports" under the "Scans" section to view the list of completed vulnerability scans.

Step 3: Identify the Most Recent Scan

Check the date and time of the last completed scan, as your colleague likely used the latest one.

Click on the Report Name or Date to open the detailed scan results.

Step 4: Filter for CVE-2021-22145

In the report view, locate the "Search" or "Filter" box at the top.

Enter the CVE identifier:

CVE-2021-22145

Press Enter to filter the vulnerabilities.

Step 5: Analyze the Results

The system will display any host(s) affected by CVE-2021-22145.

The details will typically include:

Host IP Address

Vulnerability Name

Severity Level

Vulnerability Details

Example Display:

Host IP Vulnerability ID CVE

Severity

192.168.1.100 SomeVulnName

CVE-2021-22145

High

Step 6: Verify the Vulnerability

Click on the host IP to see the detailed vulnerability description.

Check for the following:

Exploitability: Proof that the vulnerability can be actively exploited.

Description and Impact: Details about the vulnerability and its potential impact.

Fixes/Recommendations: Suggested mitigations or patches.

Step 7: Note the Vulnerable Host IP

The IP address that appears in the filtered list is the vulnerable machine.

Example Answe r:

The host IP of the machine vulnerable to CVE-2021-22145 is: 192.168.1.100

Step 8: Take Immediate Actions

Isolate the affected machine to prevent exploitation.

Patch or update the software affected by CVE-2021-22145.

Perform a quick re-scan to ensure that the vulnerability has been mitigated.

Step 9: Generate a Report for Documentation

Export the filtered scan results as a PDF or HTML from the GVM.

Include:

Host IP

CVE ID

Severity and Risk Level

Remediation Steps

Background on CVE-2021-22145:

This CVE is related to a vulnerability in certain software, often associated with improper access

control or authentication bypass.

Attackers can exploit this to gain unauthorized access or escalate privileges.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE