Download Qualys Vulnerability Management: Q&A for Effective Security Practices and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
Qualys Vulnerability Management
Questions with 100% Correct Answers |
Latest Version | Verified
List the default tracking methods available for adding assets to your "scanning" subscription. (Select Three) (A) DNS Name (B) NetBIOS Name (C) CVE ID (D)Qualys Host ID (E) IP Address - โโ(A) DNS Name (B) NetBIOS Name (E) IP Address Name the phase or step of the Qualys Vulnerability Management Lifecycle that produces scan results containing vulnerability findings? (A) Report (B) Discover (C) Remediate (D) Assess - โโ(D) Assess Which of the following is the default tracking method used by Qualys Cloud Agents? (A) IP Address (B) Qualys Host ID (C) DNS Name (D) NetBIOS Name - โโ(B) Qualys Host ID
Which of the following are phases of the Vulnerability Management Lifecycle? (A) Maintenance (B) Remediate (C) Design (D) Discover (E) Report - โโ(B) Remediate (D) Discover (E) Report Name the type of scanner appliance (by default) available to all Qualys users with "scanning" privileges? (A) External (Internet-based) Scanner (B) Offline Scanner (C) Virtual Scanner (D) Internal Scanner - โโ(A) External (Internet-based) Scanner Only the _________ user role can edit QIDs in your account KnowledgeBase. (A) Manager (B) Administrator (C) Scanner (D) Unit Manager - โโ(A) Manager Potential vulnerabilities are automatically verified. (True/ False) (A) True
(A) Report Template (B) Remediation Policy (C) Asset Group (D) Business Unit (E) Asset Tag (F) Option Profile - โโ(A) Report Template (B) Remediation Policy (F) Option Profile A static Search List is created and updated ____________. (A) Manually (B) Explicit (C) By Default (D) Automatically - โโ(A) Manually What are the primary methods available in Qualys VM, for grouping, labeling, and organizing host assets? (Select Two) (A) Severity Levels (B) Search Lists (C) Asset Groups (D) Asset Tags - โโ(C) Asset Groups (D) Asset Tags Which of the following options can be used to add assets to an Asset Group? (Select Three) (A) DNS name (B) MAC address
(C) IP address (D) NetBIOS name - โโ(A) DNS name (C) IP address (D) NetBIOS name Scans must be performed in "________________" mode to produce a list of installed software applications. (A) Authorized (B) Administrative (C) Temporary (D) Authenticated - โโ(D) Authenticated Why is it beneficial to configure the Business Impact of an Asset Group? (A) It's used to calculate Business Risk (B) It's used to calculate storage space (C) It's used to calculate Severity Levels (D) It's used to calculate CVSS Scores - โโ(A) It's used to calculate Business Risk A "static" Asset Tag will adjust dynamically and automatically to changes made to your host assets. (True/False) (A) True (B) False - โโ(B) False The service creates some initial asset tags based on the existing objects (configurations) in your account. List those asset tags. (Select Four) (A) Asset Groups
(D) Twin - โโ(C) One You are building an Options Profile that targets "Zero Day" vulnerabilities. Which "Scan" option will allow you to use a "Zero Day" Search List to achieve this objective? (A) Password Brute Forcing (B) Additional Certificate Detection (C) Vulnerability Detection (D) TCP Ports - โโ(C) Vulnerability Detection Agents and Scanners can be combined to cater to the vulnerability assessment needs. (A) Correct (B) Incorrect - โโ(A) Correct The primary modules that collect the host configuration data are: (Select Four) (A) Porting Scanning (B) Operating System Detection (C) Service Detection (D) Network Scanning (E) Host Discovery - โโ(A) Porting Scanning (B) Operating System Detection (C) Service Detection (E) Host Discovery Which of the following sensors are presently used by Qualys VM to collect the data needed to perform host vulnerability assessments? (Select Two)
(A) Cloud Connector (B) Scanner Appliance (C) Cloud Agent (D) Passive Sensor - โโ(B) Scanner Appliance (C) Cloud Agent One of your "Scanner" users would like to perform a comprehensive scan (occasionally) that targets the maximum number of service ports. Which port scanning option do you recommend? (A) None (B) Standard Scan (C) Light Scan (D) Full - โโ(D) Full Which module does a Qualys Scanner Appliance load to determine the LIVE/DEAD status of targeted hosts? (A) Service Detection (B) OS Detection (C) Host Discovery (D) Port Scanning - โโ(C) Host Discovery Which of the following is NOT a valid target for launching a scan? (A) IP address (B) Search List (C) Asset Tag (D) Asset Group - โโ(B) Search List
(D) Six Hours - โโ(A) Four Hours Report templates cannot be customized. (A) Incorrect (B) Correct - โโ(A) Incorrect Which report type is NOT created from a Report Template? (A) Patch Report (B) Authentication Report (C) Map Report (D) Remediation Report - โโ(B) Authentication Report One of your colleagues would like to build a report to display vulnerability findings over the last three months (including trending information)? What do you recommend? (A) Build a scan template that uses Scan Based findings (B) Build a scan template that sorts findings by Asset Group (C) Build a scan template with the "All" Asset Group as its target (D) Build a scan template that uses Host-Based Findings - โโ(D) Build a scan template that uses Host- Based Findings Name the types of reports: (Select Four) (A) Scan Report (B) Map Report (C) Patch Report
(D) Application Report (E) Remediation Report - โโ(A) Scan Report (B) Map Report (C) Patch Report (E) Remediation Report The ________ report allows you to track the status of any vulnerability on any host. (A) Technical (B) Executive (C) Scan (D) Trend - โโ(D) Trend Identify the report types that can be scheduled: (Select Three) (A) Asset reports (B) Scan reports using Host-based Findings (C) Patch reports (D) Application reports (E) Remediation reports - โโ(B) Scan reports using Host-based Findings (C) Patch reports (E) Remediation reports Identify the most privileged user role. (A) Administrator (B) Manager (C) Scanner
Remediation policies for the teams dedicated to specific groups of host assets can be constructed using _____________ Groups. (A) Asset (B) Application (C) Scanning (D) Vulnerability - โโ(A) Asset ___________ can be set on your remediation policy to ensure you are tracking the remediation of vulnerabilities on host systems is occurring in a timely manner. (A) Filtering (B) Processing (C) Deadlines (D) Ordering - โโ(C) Deadlines What are the two components of every Remediation Policy? (A) Results (B) Actions (C) Conditions (D) Graphics - โโ(B) Actions (C) Conditions In which order are the Multiple Remediation Policies evaluated? (A) From bottom to top (B) In no specific order
(C) Based on the rule creation date (D) From top to bottom - โโ(D) From top to bottom Which of the following does not accurately describe a behavior or characteristic of a Remediation Policy? (A) A Remediation policy can be configured to ignore certain vulnerability QIDs (B) Remediation policies contain conditions and actions (C) A remediation policy can be configured to assign detected vulnerabilities to Qualys users (D) A remediation policy at the bottom of the list has precedence over the policies above it - โโ(D) A remediation policy at the bottom of the list has precedence over the policies above it
