Tenable University: Nessus Certificate of Proficiency. Yesterday I finished “Nessus Certificate of Proficiency” learning plan at Tenable University and passed the final test. Here I would like to share my impressions.
First of all, few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already wrote about Tenable education portal in “Study Vulnerability Assessment in Tenable University for free” post. It’s free. It’s available for everyone on demand. However, Tenable customers get access to way more content.
At this moment there are four learning plan available for Tenable customers: for Nessus, Tenable.io, SecurityCenter and SecurityCenter Continuous View. Each learning plan consist of short video lessons grouped in courses and the final test.
For Nessus learning plan there were 12 courses with 4-8 videos in each:
For example, videos for “Nessus Advanced Scanning” course:
As you can see, some courses are related to Nessus Manager, which is not an active Tenable product anymore. However, most of the information about Nessus Manager is applicable to Tenable.io as well.
Most of the videos are very basic and good for novices. However, some of them contain specific details that I didn’t know before. I liked video about the stages of Nessus scan process. It’s important to understand that if Nessus fails or does not receive get enough information on previous stages, there won’t be detected vulnerabilities:
There was pretty useful video about debugging authentication issues on a different platforms. I also liked video about “WSUS scanning” when Nessus gets data about KBs installed/not installed on Windows hosts directly from WSUS and detects vulnerabilities without the need to perform actual network scan. More than this, it can correlate results of WSUS and network scan.
Unfortunately, there were no tests after each course. In previous version of education portal (rus) you needed to answer 5 questions after each module to go further. It was pretty useful for learning.
Now there is only one final test. 40 questions, pass mark 70 %, 75 minutes, only 1 attempt available. Some questions should be trivial for anyone who used Nessus. But about a half of them were tricky and required deep knowledge of how target hosts and Nessus should be configured to obtain the best scan results. 75 minutes is more than enough. When I finished answering the questions I had more than 30 minutes left. Actually, I wasn’t sure that I will pass it, but I did:
Certificate btw looks pretty simple 🙂 :
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Pingback: Non-reliable Nessus scan results | Alexander V. Leonov
Pingback: Dealing with Nessus logs | Alexander V. Leonov
Hello,
I am recently start to learn tenable and I am doing certification too, Tenable.io Certificate of Proficiency.
You said that you had only 1 attempt. Do you know what will happen when I “fail” the exam. Will I be able to do it again?
Regards
Vit
Please can you help me about nessus exam information