QualysGuard is one of the known vulnerability management tools that is used to scan for technical
vulnerabilities. I am sharing this exam guide that will help you to pass the Vulnerability Management
(VM) exam. You will earn the Qualys Certified Specialist certificate once you have passed the exam. All
questions and answers are verified and recently updated.

Important Exam Tips:

1. You have five attempts to pass this exam.
2. The test is linear; there is no going back to an older question.
3. The minimum passing score is 75%.
4. The exam can be taken at any time; make sure your login session is valid.
5. 30 multiple-choice questions.

Note: All correct answers are highlighted in yellow.

1. Which of the following are benefits of scanning in authenticated mode? (choose 2)

Choose an answer:

- Fewer confirmed vulnerabilities
- More vulnerabilities are detected
- Time saved from manually investigating potential vulnerabilities
- More accurate scan details

verified answer 

2. Which of the following are valid options for scanning targets? (choose 3)

Choose an answer:

- Asset Groups
- Domain Name
- IP addressing
- Asset Tags
- Search Lists
- MAC Address

3. What type of scanner appliance (already provisioned within the Qualys Cloud Platform) is ideal for
scanning public facing assets?

Choose an answer:

- Offline Scanner
- Virtual Scanner
- External Scanner
- Internal Scanner

4. Which of the following is NOT a component of a vulnerability scan?

Choose an answer:

- Host Discovery
- OS Detection
- Port Scanning
- Business Impact

5. Which of the following will have the greatest impact on a half red, half yellow QID?

Choose an answer:

- Share Enumeration
- Scan Dead Hosts
- Authentication
- Authoritative Option

6. What is the maximum number of TCP ports that can participate in the Host Discovery process?

Choose an answer:

- 10
- 65535
- 1900
- 20

7. Which of the following items are used to calculate the Business Risk score for a particular asset
group? (choose 2)

Choose an answer:

- Business Impact
- Security Risk
- CVSS Base
- CVE ID

8. In order to successfully perform an authenticated (trusted) scan, you must create a(n):

Choose an answer:

- Authentication Record
- Search List
- Asset Map
- Report Template

9. Multiple Remediation Policies are evaluated:

Choose an answer:

- From top to bottom
- From bottom to top
- Based on the rule creation date
- In no specific order

10. A search list contains a list of ________.

Choose an answer:

- QIDs
- Host Assets
- Applications
- Asset Groups

11. Dynamic Asset Tags are updated every time you ________.

Choose an answer:

- Run a scan
- Create a remediation policy
- Run a report
- Search the KnowledgeBase

12. As a Manager in Qualys, which activities can be scheduled?

Choose an answer:

- Asset Searches
- Updates to the KnowledgeBase
- Maps
- Reports
- Scans

13. What does it mean when a “pencil” icon is associated with a QID in the Qualys KnowledgeBase?

Choose an answer:

- There is malware associated with the QID
- The QID has a known exploit
- The QID has been edited
- A patch is available for the QID

14. Which item is not mandatory for launching a vulnerability scan?

Choose an answer:

- Target Hosts
- Option Profile
- Authentication Record
- Scanner Appliance

15. About how many services can Qualys detect via the Service Detection Module?

Choose an answer:

- 13
- 512
- 20
- 600

16. By default, the first user added to a new Business Unit becomes a ____________ for that unit.

Choose an answer:

- Auditor
- Administrator
- Reader
- Scanner
- Unit Manager

17. In a new Option Profile, which authentication options are enabled by default?

Choose an answer:

- All
- Unix
- Windows
- None

18. Which of the following vulnerability scanning options requires the use of a “dissolvable agent”?

Choose an answer:

- Windows Share Enumeration
- TCP port scanning
- Scan Dead Hosts
- UDP port scanning

19. To produce a scan report that includes the results from a specific scan that occurred at a specific
point in time, you should select the _______________ option in the Report Template.

Choose an answer:

- Scan Based Findings
- Dynamic Findings
- Static Findings
- Host Based Findings

20. About how many TCP ports are scanned when using Standard Scan option?

Choose an answer:

- 1900
- 10
- 20
- 65535

21. Asset Groups and Asset Tags can be used to effectively customize or fine tune … (choose all that
apply)

Choose an answer:

- Reports
- Vulnerability Scans
- Remediation Policies
- Search Lists

22. What is required in order for Qualys to generate remediation tickets? (choose all that apply)

Choose an answer:

- Scan Results need to be processed by Qualys
- A Policy needs to be created
- A Map needs to be run
- A Remediation Report needs to be run

23. Before you can scan an IP address for vulnerabilities, the IP address must first be added to the ________.

Choose an answer:

- Host Assets tab
- Business Units tab
- Domains tab
- Search List tab

24. What is the 6-step lifecycle of Qualys Vulnerability Management?

Choose an answer:

- Mapping, Scanning, Reporting, Remediation, Simplification, Authentication
- Learning, Listening, Permitting, Forwarding, Marking, Queuing
- Bandwidth, Delay, Reliability, Loading, MTU, Up Time
- Discover, Organize Assets, Assess, Report, Remediate, Verify

25. To exclude a specific QID/vulnerability from a vulnerability scan you would:

Choose an answer:

- Disable the QID in the Qualys KnowledgeBase.
- Ignore the vulnerability from within a report.
- Place the QID in a search list, and exclude that search list from within the Option Profile.
- You cannot exclude QID/Vulnerabilities from vulnerability scans.

26. Which of the following components are included in the raw scan results, assuming you do not
apply a Search List to your Option Profile? (choose all that apply)

Choose an answer:

- Host IP
- Option Profile Settings
- Potential Vulnerabilities
- Information Gathered
- Vulnerabilities

27. Which of the following types of items can be found in the Qualys KnowledgeBase? (choose all
that apply)

Choose an answer:

- Potential Vulnerabilities
- Configuration data (Information Gathered)
- Confirmed Vulnerabilities
- Asset Groups
- Remediation Tickets

28. Which three features of the Vulnerability Management application can be customized using a
KnowledgeBase "Search List"?

Choose an answer:

- Authentication Records
- Report Templates
- Remediation Policies
- Option Profiles

29. What type of Search List adds new QIDs to the list when the Qualys KnowledgeBase is updated?

Choose an answer:

- Active
- Static
- Dynamic
- Passive

31. When a host is removed from your subscription, the Host Based Findings for that host are ________.

Choose an answer:

- Ranked
- Purged
- Ignored
- Archived
