VMDR Q&A

D
Vulnerability Management Detection & Response
Questions & Answer
1. Which of the following tasks are performed by a Qualys patch job? (choose 2) Choose all that
apply:
 Uninstall existing patches
 Install or deploy missing patches
2. After Qualys Cloud Agent has been successfully installed on a target host, which of the
following “Patch Management” setup steps must be completed, before host patch
assessments can begin? (choose 3) Choose all that apply:
 Activate PM module on host
 Assign host to CA Configuration Profile (with PM enabled)
 Assign host to an enabled PM Assessment Profile
3. By default, which of the following factors are used by the VMDR Prioritization Report, to
prioritize vulnerabilities? (choose 3) Choose all that apply:
 Vulnerability Age
 Real-Time Threat Indicators
 Attack Surface
4. What does it mean, when a patch is displayed with a “key-shaped” symbol? Choose an
answer:
 The patch cannot be downloaded by Qualys Cloud Agent.
5. Qualys Cloud Connector will allow you to enumerate host instances and collect useful
metadata from which of the following cloud platforms? (choose 3) Choose all that apply:
 Amazon AWS
 Google Cloud Platform
 Microsoft Azure
6. When a Qualys Scanner Appliance is used for data collection, which of the following guidelines
will help to reduce the number of “unidentified” assets appearing in Asset Inventory? Choose
all that apply:
 Perform scans in “authenticated” mode.
 Configure network filtering devices to let scan traffic through.

7. Which “Active Threat” category leverages machine learning to determine if presently non-
exploitable vulnerabilities should be prioritized? Choose an answer:
 Predicted High Risk
8. Qualys Cloud Agents can be downloaded and installed from which of the following places?
(choose 2) Choose all that apply:
 VMDR “Welcome” page
 Activation Keys tab of the Cloud Agent application**
9. Which “Active Threat” category includes attacks that require little skill and do not require
additional information? Choose an answer:
 Easy Exploit
10. The “sniffing” interface of a Qualys Passive Sensor, is designed to connect to what type of
network devices? (choose 2) Choose all that apply:
 TAP
 Switch (SPAN Port)
Switch Port Analyzer (SPAN) is switch specific tool that copies Ethernet frames passing through switch
ports and send these frames out to specific port. Switch itself doesn’t analyze these copied frames, it
send frames out of specific port to network analyzer. A Network analyzer may be purpose build hardware
appliance or an application running on the host. The analysis of these frames are done to troubleshoot
network. Sometimes frame analysis is also done to dig out contents of frame to find any malicious
content hidden inside the frame.
11. Which of the following identifies the correct order of the VMDR Lifecycle phases? Choose an
answer:
 Asset Management, Vulnerability Management, Threat Detection & Prioritization, Response
12. Which of the following statements about Qualys Patch Management’s “patch sources” is
false? Choose an answer:
 A VPN connection to your corporate network is required to download patches.
13. If Qualys Passive Sensor discovers an asset that is not managed within your Qualys account, it
is placed in the ____________ section of the Asset Inventory application. Choose an answer:
 Unmanaged
14. Which type of Dashboard Widget can be configured to change color, as its tracked data
reaches specific conditions or threshold levels? Choose an answer:
 count
15. From the PATCHES section in the Patch Management application, which query produces a list
of “uninstallable” patches? Choose an answer:
 isRollback:true
16. Which csam, provides the Real-Time Threat Indicators (RTIs) used in the VMDR Prioritization
Report? Choose an answer:
 Threat Protection
17. By default, If you attempt to install Qualys Cloud Agent from the VMDR “Welcome” page,
what Activation Key will be used? Choose an answer:
 Default VMDR Activation Key
18. Which “Active Threat” category includes vulnerabilities that are actively attacked and have no
patch available? Choose an answer:
 Zero Day
19. Qualys provides virtual scanner appliances for which of the following cloud platforms?
(choose 3) Choose all that apply:
 Amazon AWS
 Google Cloud Platform
 Microsoft Azure
20. Which of the following tasks are performed by a patch assessment scan? (choose 2) Choose all
that apply:
 Discover patches already installed
 Discover missing patches
21. The Qualys Asset Inventory application distinguishes your asset inventory using which of the
following categories? (choose 3) Choose all that apply:
 Hardware
 Operating System
 Software
22. **Which Qualys sensors collect the type of data needed to perform vulnerability
assessments? (choose 2) Choose all that apply:
 Scanner Appliance
 Passive Sensor
Scanner appliances are one type of sensor that Qualys provides to collect

security and compliance data. You can use appliances to perform vulnerability
scans and compliance scans, depending on your subscription setup. There
are 4 main steps to scanning, as shown in the diagram below.
Qualys Passive Scanning Sensor (PS) continuously monitors all network traffic and flags any asset
activity. It identifies and profiles devices the moment they connect to the network, including those
difficult to scan, corporate owned, brought by employees, and rogue IT. The data is sent
immediately to the Qualys Cloud Platform for centralized analysis.
23. Which Qualys application module is NOT included in the Default VMDR Activation Key?
Choose an answer:
 PCI Compliance (PCI)
 PCI Compliance Solution | Qualys, Inc.

https://www.qualys.com/solutions/pci-compliance
PCI compliance is mandatory for any business involved in payment card data storage,
processing or transfer, but it creates challenges for security teams. According to Verizon
Payment Security Report (PSR) 2020, only 27.9% of organizations achieved full PCI
compliance during their interim validation in 2019, down from 52.5% in 2017.
24. Which Asset Tag rule engine, will allow you to label or tag assets, using hardware, software,
and OS categories? Choose an answer:
 Asset Inventory
 Qualys Introduces CyberSecurity Asset Management

https://www.qualys.com/.../usa/qualys-introduces-cybersecurity-asset-management
Build a Comprehensive Up-to-Date Asset Inventory (Free Global AssetView app) –
Leverage multiple native Qualys sensors to collect and correlate asset data using
agentless technology, cloud agents and APIs to see an accurate inventory of managed and
unmanaged assets. Auto-classify assets by category across IT, cloud and IoT
environments for a ...
25. In the Qualys Asset Inventory application, if adequate data exists (for Qualys to properly
categorize an asset’s hardware or OS), but they have yet to be added to the asset catalog, they
will potentially be listed as __________ . Choose an answer:
 Unknown
26. Which of the following frequencies, can be used to schedule a Patch Deployment Job? (choose
3) Choose all that apply:
 Weekly
 Monthly
 Daily
27. Which phase of the VMDR Lifecycle is addressed by Qualys Patch Management (PM)? Choose
an answer:
 Response
28. Presently, you can add up to _____ patches to a single job. Choose an answer:
 **2000
29. Which Qualys technology provides a patch download cache, to achieve a more efficient
distribution of downloaded patches, to local agent host assets? Choose an answer:
There are 2 patch sources (local repository-Qualy Gateway Server and Vendor

Global CDN) · Using digital signatures and hashes, Qualys malware insights
validates downloaded patches · Downloaded patches are cached by Qualys G
ateway Servers and made available to local agents that need the same patch.
30. Which phase of the VMDR Lifecycle is addressed by Qualys Patch Management (PM)? Choose
an answer Which of the following conventions can be used to include or assign host assets to
a job? (choose 2) Choose all that apply:
 Asset Tag
 Asset Name
 In the patch report template, which evaluation provides the most accurate
patches that need to be installed?
(A) Superseded patch evaluation

(B) Latest patch evaluation
(C) QID based patch evaluation
(D) Classic patch evaluation
 (A) Superseded patch evaluation
 Which scorecard report type allows you to identify hosts that are missing required
patches and software?***
(A) Patch report

(B) Vulnerability scorecard report
(C) Missing software report
(D) Asset Search Report
 (A) Patch report
 Which of the following scenarios can lead to gaps in the patch tree structure and
break the patch supersedence logic? Select all that apply.
(A) Scan report with vulnerability search list or Threat Protection RTI filter
(B) Cloud Agent data collection followed by an authenticated scan
(C) Scan job with a custom vulnerability filter
(D) Unauthenticated scan
(E) Cloud Agent scan
 (A) Scan report with vulnerability search list or Threat Protection RTI filter
(C) Scan job with a custom vulnerability filter
 Identify the vulnerability types excluded by default in the VM/VMDR Dashboard.
Select all that apply.***
(A) Fixed vulnerabilities

(B) Disabled or Ignored vulnerabilities
(C) Vulnerabilities without exploits
(D) Low severity vulnerabilities
(E) Vulnerabilities without patches
 (A) Fixed vulnerabilities
(B) Disabled or Ignored vulnerabilities
 The ____________ vulnerability type is enabled by default in a new report
template.
(A) Confirmed
(B) Potential
(C) Patched
(D) Information Gathered
 (B) Potential
 Stale asset and vulnerability data can affect your security risk and business risk
calculations. ***
(A) False
(B) True
 (B) True
 Adding non-Qualys user's email in the distribution group helps you distribute the
scheduled report to such users. ***
(A) True
(B) False
 (A) True
 When using host-based findings, which of these needs to be turned on to toggle
the inclusion of Fixed vulnerabilities in the report?***
(A) Trending
(B)
(C)
(D)
 (A) Trending
 Which finding type allows you to include trending data in your reports?***
(A) Scanner based findings

(B) San-based finding
(C) Cloud Agent-based findings
(D) Host-based findings
 (D) Host-based findings
 Threat Protection RTIs are used in the___________ in VMDR to identify the
potential impact of discovered vulnerabilities, as well as vulnerabilities that have
known or existing threats. ***
(A) Prioritization report

(B) Remediation report
(C) Scorecard report
(D) Patch report
 (A) Prioritization report
Which of the following identifies the correct order of the VMDR Lifecycle phases?
Choose an answer:
Asset Management, Threat Detection & Prioritization, Vulnerability Management, Response
Asset Management, Vulnerability Management, Threat Detection & Prioritization, Response
Vulnerability Management, Threat Detection & Prioritization, Response, Asset Management
Vulnerability Management, Asset Management, Threat Detection & Prioritization, Response
Presently, you can add up to _____ patches to a single job.
Choose an answer:
2000
1250
1750
1500
Which Qualys sensors collect the type of data needed to perform vulnerability assessments? Select
two.
Choose all that apply:

Passive Sensor
Cloud Connector
Scanner Appliance
Cloud Agent
Question 6 of 30
Which “Active Threat” category includes attacks that require little skill and do not require additional
information?
Choose an answer:
Predicted High Risk
Easy Exploit
Public Exploit
Zero Day
Qualys provides virtual scanner appliances for which of the following cloud platforms? Select three.
Amazon AWS
Google Cloud Platform
Rackspace Cloud
Microsoft Azure
What does it mean, when a patch is displayed with a “key-shaped” symbol?
Choose an answer:
The patch is a key requirement for the deployment of other patches.
The patch cannot be uninstalled.
The patch has been deprecated.
The patch cannot be downloaded by Qualys Cloud Agent.

Qualys categorizes your software inventory by which of the following license types? Select two.
Premier
Trial
Commercial
Open Source
Which Qualys technology provides a patch download cache, to achieve a more efficient distribution of
downloaded patches, to local agent host assets?
Choose an answer:
Qualys Passive Sensor
Qualys Scanner Appliance
Qualys Gateway Server
Qualys Connector
Which of the following queries will display assets with a Relational Database Management System?
Choose an answer:
software:(category1:Databases / RDBMS)
software:(Databases / RDBMS)
software:(category:Databases / RDBMS)
Which of the following conventions can be used to include or assign host assets to a job? Select two.
Business Unit
Asset Name
Asset Tag
Asset Group
In the given question, the two conventions that can be used to include or assign host assets to a job in
Qualys are:
 Asset Group: Assets can be grouped together based on common characteristics such as location,
operating system, or application type. ...
 Asset Tag: Assets can be tagged with custom attributes, such as business unit or asset name,
making it easier to organize and manage assets within the Qualys platform. ...
 Using the “Search” field (found in the VULNERABILITIES section of VMDR), which query will
produce a list of “patchable” vulnerabilities?
 Choose an answer:
 vulnerabilities.vulnerability.qualysPatchable:TRUE
 vulnerabilities.vulnerability.isPatchable:TRUE
 vulnerabilities.vulnerability.qualysPatchable:FALSE
 vulnerabilities.vulnerability.isPatchable:FALSE
 After building a Prioritization Report, you want to monitor the contents of the report on a
regular basis. What will you do?
 Choose an answer:
 Create Dashboard widgets for all the contents of the report
 Export the report to dashboard and create a dynamic widget
 Schedule a report to run on a regular basis
 Run a report every time it is needed
You were unable to search some of your Operating Systems using a lifecycle query. Later, you found
out the reason. The lifecycle stage of the operating system you were searching was:
Choose an answer:
End-of-Life
End-of-Support
Obsolete
General Availability
The answer to this problem would be :- "retired"

 Explanation for step 1
This means that the operating system is no longer being actively supported or
developed by the manufacturer. It is no longer being updated or receiving security
patches, and it is no longer considered a viable option for new installations. If you were
searching for this operating system using a lifecycle query, it would not have returned
any results because it is no longer considered an active product.
Final answer
I hope I have answered you question and explained it properly.
Thank you & have a nice day!
When creating a patch job, a “Patch Window” set to the __________ option, will allow the Cloud
Agent as much time as it needs to complete the job?
Choose an answer:
None
Full
Unlimited
Complete
After Qualys Cloud Agent has been successfully installed on a target host, which of the following
“Patch Management” setup steps must be completed before host patch assessments can begin?
Select three.
Assign host to CA Configuration Profile (with PM enabled)
Activate PM module on host
Assign host to a PM Job
Assign host to an enabled PM Assessment Profile
In CSAM, the term “unidentified” means what? Select two.
There isn’t enough information gathered to determine the OS/hardware/software

Qualys couldn’t fully fingerprint the OS
There is enough information, but the data isn’t catalogued in CSAM yet
Qualys could fully fingerprint the OS but it’s not in your subscription
Introduction:
Only those who have been given permission can conduct an action on a certain
resource thanks to the principles in access management.
 Explanation for step 1
An organization's use of a variety of software programs to control user access and

digital identities is referred to as identity and access management. The main elements
that IAM controls are identification, authorization, and access to sensitive data.
Step 2/2
Ans.
It signifies that we do not have enough information to identify the hardware, software, or
operating system when something appears in GAV or CSAM as unidentified. If anything
is listed as unknown, it implies Qualys has not assigned a classification to the host, but
we do have sufficient information.
Following are the two different categories of Vulnerabilities that can be found in Qualys
KnowledgeBase:
BugTraq ID: It provides the security community with security-related information.
CVEID: It is a list of popular names for publicly acknowledged vulnerabilities and

exposures.
Your colleague has just completed the following steps to setup your Qualys account for patching: 1.
Installed Qualys Cloud Agent on target hosts. 2. Assigned all Agent hosts to a Configuration Profile
with PM configuration enabled. 3. Activated the PM application module for all Agent hosts. 4.
Assigned all hosts to an enabled Assessment Profile. Although Deployment Jobs have been created
and enabled, patches are not getting installed. What step did your colleague miss?
Choose an answer:
Targeted assets must be configured to consume a patching license
Targeted assets must be labeled with the ""Patchable"" Asset Tag

Targeted assets must be added to the ""Patch Management"" Asset Group
Targeted assets must be added to the Patch Catalog
A pre-deployment message appears at the start of a patch job. You have to create a deployment job
for a Windows user wherein he will receive a notification message to the user indicating that a reboot
is required. What communication option will you select?
Choose an answer:
Reboot Message
Reboot Countdown
Supress Reboot
Reboot Request
Your IT team has configured a patch window to run a deployment job within 5 hours. Due to some
reason you were not able to start the patch installation within that window. What status will they
host display?
Choose an answer:
Not Attempted
Timed Out
Retry
Failed
answer everything or leave it for someone who can
This solution was written by a subject matter expert. It's designed to help students like
you learn core concepts.
Anonymous answered this2,224 answers
Question: A feature --------------- referred to as
Answer: Option B
Explanation: A hierarchy filter is a sort of filter that displays hierarchical data in a tree
view that may be expanded. Date and time information, as well as geographical data
such as continents, nations, and cities, are good examples of data that may be utilized
in a hierarchy filter.
Question: A dynamic ----- when
Answer: Option D
Explanation: Each user can view the data they have access to thanks to dynamic
dashboards. You can control data visibility using a dynamic dashboard instead of
having to develop a new dashboard for each level of data access, complete with its own
running user and folder.
Question: Dashboards that --------------- referred to as
Answer: Option D
Explanation: The operational level refers to the day-to-day actions of implementing

emergency management. This component contains just the relevant details deemed
required for attaining operational success (via integration and coordination).
Question: Imagine a data ------------------------ dashboard.
Answer: Option B
Explanation: A dashboard is a visual representation of your whole data set. While it
may be utilized in a variety of ways, its primary goal is to enable quick access to
information, such as KPIs. A dashboard is often shown on its own website and gets
data from a connected database.
Question: A feature that -------------------------------- referred to as
Answer: Option D
Question : Which of the following Deployment Job steps will allow you to install
software and run a custom script? Select all that apply. Choose all that apply: A.
Select Assets. B. Select Post-actions. C. Select Pre-Actions. D. Select Patches.
Answer :
A. Select Assets.
D. Select Patches.
To install missing patches on assets, you can create a deployment job. From the
following tabs, you have three choices for creating the deployment job.
1) Jobs. 2) Assets.
Qualys VMDR 2.0
1.
Which type of Dashboard Widget can be configured to change color, as its tracked data
reaches specific conditions or threshold levels?
Bar Chart
Table
Count
Pie Chart
1. Bar chart.
A bar chart is a type of graphic data representation where various values are represented by
bars. Bar graphs are frequently used to compare data across time or between several
categories. Use of a conditional formatting rule is one method of configuring a bar chart to
change color as monitored data meets particular circumstances or threshold levels. The
requirements that must be satisfied in order for the bar to change color are laid forth in this
regulation.
Consider a bar chart that shows the quantity of new customer accounts produced each month.
If the number of new accounts is more than or equal to a certain threshold, you may build a
conditional formatting rule that turns the bar's color green
2.
Which of the following frequencies, can be used to schedule a Patch Deployment Job? Select all that
apply.
Weekly
Quarterly
Annually
Daily
Weekly and Daily
By checking the "Repeating Job" box next to the Start Date, you can create scheduled recurring jobs. For
successive runs, the work can be fine-tuned for the start date and time. It is possible to set recurring
tasks to run daily, weekly, or monthly. When enabled, you can set up (deployment and rollback) jobs to
execute right away or at a later time, either once or repeatedly. Create Run-Once and Recurring jobs
using the Patch Management module.
3. Which Qualys application module is NOT include in the Default VMDR Activation Key?
Patch Management
PCI Compliance
Cybersecurity Asset Management
Vulnerability Management
PCI Compliance
Cybersecurity asset management is part of the default VMDR activation key. In order to maintain the
security of your system, you may use this to manage and monitor your assets for any potential flaws as
well as to apply security updates and patches. The default VMDR activation key does not contain the PCI
compliance module. The module must be purchased individually. To give visibility into an organization's
IT security and compliance status, Qualys application modules are deployed. They let enterprises to
evaluate the risks to their IT security, find vulnerabilities, and monitor corrective actions. The Qualys
VMDR module is activated using the VMDR Activation key. A vulnerability management, detection, and
response (VMDR) system is based in the cloud. It helps customers quickly find and fix problems by giving
them realtime visibility into their physical and virtual infrastructure. The management and monitoring of
an organization's IT infrastructure's security is done using Qualys application modules. The Qualys
application's VMDR functionality is activated using the VMDR activation key. The Qualys program has a
module called VMDR that aids in the identification, analysis, and correction of vulnerabilities in
virtualized settings.
4. Which Qualys application, provides the Real-Time Threat Indicators (RTIs) used in the VMDR
Prioritization Report?
Patch Management
Asset Inventory
Threat Protection
The Qualys application called Vulnerability Management provides the Real-Time Threat Indicators (RTI)
used in the VMDR Prioritization Report. This program is in charge of looking for and identifying
vulnerabilities in software and systems and informing its users accordingly. Based on data collected by
the Vulnerability Management application, RTI data is used in the VMDR Prioritization Report to help
prioritize vulnerabilities for remediation. This report relies on RTI data, which shows how long it has
been since a vulnerability was originally found, how long it has been since a patch was made available,
how recently the vulnerability has been exploited, and how recently it has been spotted. Based on the
information provided, a risk score is assigned to each vulnerability, and the vulnerabilities with the
highest risk scores receive priority attention. The Qualys Vulnerability Management software makes it
easy for enterprises to quickly identify and patch security holes. Prioritizing the most critical
vulnerabilities in the VMDR Prioritization Report using RTI data can assist in enhancing the overall
vulnerability management process. Apart from Vulnerability Management, Qualys offers Patch
Management, Threat Protection and Asset Inventory. These applications, along with Vulnerability
Management, can provide a comprehensive security solution.
5. The Qualys CSAM application distinguishes your asset inventory using which of the following
categories? Select all that apply.
Software
Hardware
Firmware
Operating System
software
hardware
operating system
The Qualys CyberSecurity Asset Management (CSAM) platform is asset management rethought for the
purposes of security teams. Using Qualys CSAM, organizations are able to continuously inventory their
assets, apply business criticality and threat context, identify security gaps such as unauthorized
software, and respond with proper action to mitigate risk, which ultimately results in a reduction in their
threat debt. Raw sensor data is gathered by the Qualys CyberSecurity Asset Management program,
which adds its own data classification, standardization, and enrichment. For software, operating
systems, hardware and software application assets, Qualys offers Level 1 and 2 categories.
6. Which “Active Threat” category includes attacks that require little skill and do not require additional
information?
Predicted High Risk
Easy Exploit
Public Exploit
Zero Day
public exploit
7. Presently, you can add up to _____ patches to a single job.
2000
1250
1750
1500
2000
For agent hosts that are lacking patches, you can build a "Deployment Job". Currently, a single task can
only have 2000 fixes added. Creating jobs from the PATCHES and ASSETS areas of the PM application is
an alternative to the more typical JOBS section, which is where most jobs are built. Consider choosing
patches that have NOT been superseded to remove outdated, unnecessary patches for increased
patching efficiency.
8. Which Qualys technology provides a patch download cache, to achieve a more efficient distribution of

Qualys Gateway Server Qualys Connector
Step-by-Step explanation
Qualys is a security organization that provides clients with security services for their network devices.
Qualys gateway server can be defined as a gateway that passes through it the network traffic of the
agents. This makes it more efficient in distribution as it reduces work needed to be performed by the
clients.
The other options are incorrect as:
Qualys passive sensor is used to detect any unusual activity in the network traffic. Qualys scanner
appliance is used to scan networks.
Wua
9. Using the “Search” field (found in the VULNERABILITIES section of VMDR), which query will produce a
list of “patchable” vulnerabilities?
vulnerabilities.vulnerability.qualysPatchable:TRUE
vulnerabilities.vulnerability.isPatchable:TRUE
vulnerabilities.vulnerability.qualysPatchable:FALSE
vulnerabilities.vulnerability.isPatchable:FALSE
The "Search" field (found in the VULNERABILITIES section of VMDR) is the easiest way to find
vulnerabilities, but it doesn't always produce a comprehensive list of all vulnerabilities. To find all
patchable vulnerabilities, you can use a query like:
[vulnerabilities.vulnerability.qualys Patchable:TRUE]
Using the "Search" field (found in the VULNERABILITIES section of VMDR), we can find a list of
"patchable" vulnerabilities by searching for "patchable". This will produce a list of vulnerabilities.
The first vulnerability listed is CVE-2019-1653, which is a vulnerability that has been patched.
We can use the "isPatchable" field to see whether or not this vulnerability is patched by looking at the
patch status for this vulnerability. If this vulnerability has been patched, then it will be listed as TRUE;
otherwise, it would be FALSE
10. Which of the following queries will display assets with a Relational Database Management System?
software:(Databases / RDBMS), software:
(category2:Databases / RDBMS)
The correct answer is D),
Software:(category:Database/RDBMS)
Step-by-Step explanation Computer software:
(ADMINISTRATIVE SYSTEMS) Database/RDBMS queries will return assets that are stored in a relational
database management system.
A database's principal function is to store data. A relational database is made up of numerous tables
that hold information about various areas of the company's activities. One table, for example, could be
used to track inventory levels in each of your businesses, while another database could be used to track
client details. Both of these tables are in the same database because they have one thing in common:
the data they store is related to one another.
A relational database management system (RDBMS) allows a company to store and retrieve data from
various sources at the same time, making it easier for businesses with vast amounts of data to search
through them quickly and efficiently. This is especially helpful when searching for information in current
databases or constructing new ones based on existing ones.
11. By default, which of the following factors are used by the VMDR Prioritization Report, to prioritize
vulnerabilities? Select all that apply.
Vulnerability age
Real time Threat Indicators
Compliance Posture
Attack Surface
The factors includes;

Vulnerability age.
Real time Threat indicators.
As the VMDR Prioritization Report prioritizes vulnerabilities, these are the factors used to determine
which vulnerabilities are given highest priority:
vulnerability age and real time threat indicators. A vulnerability's age is determined by when it was last
updated with a fix, according to Microsoft's lifecycle policy. When a new one has not been fixed in over
180 days, it is considered expired and will be ranked lower than one that has been updated within this
timeframe. Real time threat indicators answer questions such as "what kinds of attacks does this
particular vulnerability allow?" This information can help a priority analysis differentiate between
vulnerabilities that pose different levels of risk.
In addition, the Compliance Posture field in the VMDR Prioritization Report allows for a more fine-
grained prioritization of vulnerabilities based on how they are actually used. Some vulnerabilities such as
those found in software that is deployed in the enterprise may represent an imminent threat to systems
and intellectual property. Others may be used by attackers to bypass security defenses or lay the
foundation for future attacks. Finally, the Attack Surface field provides information about the number of
systems exposed to attacks using a given vulnerability.
This can be particularly useful in prioritizing vulnerabilities in software that is widely deployed, such as
Microsoft Office or Internet Explorer. The purpose of assigning scores based upon factors such as
exposure, security weakness and attack surface is to establish a relative ranking of vulnerabilities
according to their overall risk
12 Which “Active Threat” category includes vulnerabilities that are actively attacked and have no patch
available?
Easy Exploit
Malware
Exploit Kit
Zero Day
Zero Day
A vulnerability in a system or device that has been publicly published but has not yet been fixed is
known as a zeroday vulnerability. A zero-day exploit is an exploit that targets a zero-day vulnerability.
Zero-day vulnerabilities are more dangerous for users since they were found before security researchers
and software developers were aware of them and before they could provide a fix.
Targeted assaults frequently leverage zero-day vulnerabilities, while many campaigns still make use of
older flaws. Since the seller or developer has only become aware of the flaw, they have zero days to
remedy it, hence the term zero-day. When hackers take advantage of the vulnerability before
developers have a chance to fix it, it is known as a zero-day assault. Zero-day is sometimes known as 0-
day.
13. Which of the following conventions can be used to include or assign host assets to a job? Select all
that apply.
Business Unit
Asset Name
Asset Tag
Asset Group
Asset Name and
Asset Tag.
In Microsoft Word, you can simply type the asset name to insert it into your document. When you do
so, a blue icon appears in the margin of your document that allows you to easily move assets around
later. The Asset Name convention is used in MS Word when text references an asset directly and when
the name of an asset is included as a link. This convention can also be used for assets with numerical
tags or names that are too long to fit on one line.
In Microsoft Excel, you can simply type the asset name to insert it into your document. When you do so,
a blue icon appears in the margin of your document that allows you to easily move assets around later.
The Asset Name convention is used in MS Excel when text references an asset directly and when the
name of an asset is included as a link. This convention can also be used for assets with numerical tags or
names that are too long to fit on one line. In SharePoint, you can use a document library to store the
asset. When you do so, the new library automatically includes an asset named Tarex. The Asset Tag
convention is used in SharePoint when text references an asset directly and when the name of an asset
is included as a link.
14. Qualys categorizes your software inventory by which of the following license types? Select all that
apply.
Premier
Trial
Commercia
Open Source
Open Source"
Free software, which can be used, modified, and distributed without cost is called open source software.
In contrast to proprietary software, also known as software that is owned by a single company or
person, open source software is typically developed through a collaborative effort by a community of
software developers. This signifies that anyone can contribute to the development of open source
software, and that anyone can use it for any purpose. Contributions can be made through GitHub, which
is a public code repository.
Using software with an open source licence comes with a number of advantages. To start, it is typically
more costeffective than purchasing proprietary software. This is due to the fact that open-source
software does not charge users to use or distribute it, and since it is frequently developed by volunteers,
users do not have to pay for the software's development. Because it is created by a community of
developers rather than a single company, open source software is typically more reliable and secure
than proprietary software. This is because the code is constantly being tested and improved upon by the
community.
There are also some disadvantages associated with using open-source software. For instance, due to the
fact that anybody can participate in the creation of open source software, there is no assurance that the
code will be of a particularly high standard. In addition, because there is no centralised authority
overseeing the development and distribution of open source software, it can be challenging to install
and configure the software.
15. You are in the process of inducting new employees on the Global AssetView application. In your
presentation you have to add the features of this application. Which features from the below mentioned
list will you include? Select all that apply.
Categorized and normalized hardware and software information
Ability to define and track unauthorized software
Asset Criticality Score
Discovery and inventory of all IT assets
The Global AssetView application is a powerful tool that can help organizations keep track of their IT
assets.
This application can categorize and normalize hardware and software information, allowing users to
more easily track and manage unauthorized software.
Additionally, the Asset Criticality Score feature can help organizations prioritize and manage their assets
more effectively.
Finally, the discovery and inventory features of Global Asset View can help organizations keep track of
all of their IT assets, making it easier to manage and maintain them.
16. You have been asked to create a “Zero-Touch” patch deployment job. You have
already scheduled this job to run once a week. What additional requirement must be
met?
Categorized and normalized hardware and software information Ability to define and track unauthorized
software
You have been asked to create a “Zero-Touch” patch deployment job. You have already scheduled this
job to run once a week. What additional requirement must be met?
Select patches using Asset Tags Defer patch selection to a later time Automate patch selection using
QQL
Automate patch selection using QQL
Advantages:
By updating the windows you will receive the latest release by the vendor and many bugs will be fixed as
soon you update the operating system.
Some new security features will also be added as according to the viruses that trend in market.
Auto updates also help the system to prevent the human manual task of installing the updates to the
system.
Automatic updates will run the Operating System to perform well, because last bugs will be fixed and no
more logical errors will be executed.
Without updating the system the system may not a except the Select patches manually
17. Once you establish your priority option you can generate your Prioritization Report. By default this
report
will produce a list of _________ that match your priority options.
Patches
Threat Feeds
Vulnerabilities
Assets
The answer is Assets.
All assets that fit your priority settings will be listed in the default Prioritization Report.
The study can help you determine which assets are most crucial to your company and establish priorities
accordingly. The report can be altered to incorporate other details like asset value, risk score, and other
metrics. This might assist you in further prioritizing your assets and determining which ones to
concentrate on first.
To create a report on priority:
1. Go to the Reports tab first.
2. From the list of available reports, choose the Prioritization Report.
3. Decide the alternatives of highest priority you want to include in the report
4. Select Generate Report.
5. The browser will generate and show the report.
18. Once you establish your priority option you can generate your Prioritization Report. By default this
report will produce a list of _________ that match your priority options.
Export the report to dashboard and create a dynamic widget
You can automatically identify the vulnerabilities that pose a material risk to your company and business
with the VMDR Prioritization report. In order to focus on the vulnerabilities that pose the greatest risk, it
correlates vulnerability information with threat intelligence and asset context.
The "Predicted High Risk" indication employs machine learning models to highlight vulnerabilities most
likely to become material risks, enabling many degrees of prioritizing. Indicators like Exploit, Actively
Attacked, and Wormable bubble up current vulnerabilities that pose risk.
19. After Qualys Cloud Agent has been successfully installed on a target host, which of
the following “Patch Management” setup steps must be completed, before host patch
assessments can begin? Select all that apply.
Create Dashboard widgets for all the contents of the report Export the report to dashboard and create a
dynamic widget Schedule a report to run on a regular basis Run a report every time it is needed After
Qualys Cloud Agent has been successfully installed on a target host, which of the following “Patch
Management” setup steps must be completed, before host patch assessments can begin? Select all that
apply.
Assign host to an enabled PM Assessment profile
Assign the enabled PM Assessment Profile to the target agent host. Create a "Assessment Profile"
before assigning target agents to PM jobs
Assign host to CA Configuration Profile (with PM enabled) Activate PM module on host
20. You have to prioritize the vulnerabilities by age before you go ahead and generate a Prioritization
Report. When you are prioritizing vulnerabilities by age, you have the options of: Select all that apply.
Before you go ahead and generate a prioritization, you need to prioritize the vulnerabilities by age.
If there's no way for you to know how old your vulnerable product is, it would be unwise to make an
assumption. You should instead ask them how old their product is and then work backward from that
date.
For example, if someone says their product was built in 2010, then they are probably too young to be
prioritized. The same applies if they say it was built in 2040—you don't want to prioritize vulnerabilities
based on dates!
The best way would be to create a list of all the vulnerabilities, then prioritize them as per their
importance, and then identify which ones need immediate attention.
When prioritizing vulnerabilities, you have to start with the ones that are most likely to be exploited by
hackers. If a hacker has access to your data, they can use it for their own purposes. To limit the damage
a hacker can do, you need to prioritize vulnerabilities by age.
You'll find that older vulnerabilities are more likely to have been exploited, so you should focus on them
first.
The vulnerability that you prioritize is the one that is most likely to affect your business or company's
operations, and it needs to be addressed first. If you don't address it, then other vulnerabilities will
come up and affect your business instead of this one
Vulnerability Age Detection Age
Priority Age Installation Age

21. In CSAM, the term “unidentified” means: Select all that apply.
There isn’t enough information gathered to determine the OS/hardware/software
CSAM will collect information about the operating system and hardware of all machines that it scans.
This information is used to determine which data you can use in your subscription plan, as well as how
to prioritize the data.
Information gathered from a machine's operating system and hardware is stored in the CSAM database
and catalogued according to the type of machine it is. For example, if a machine has an identified
Windows operating system, that information will be catalogued under "Windows." If it has an unknown
OS (i.e., one we don't have enough information about), that information will be catalogued under
"Unknown." If it has neither an identified OS nor an unknown OS, then it will be catalogued under
"Unidentified."
According to the Qualys Security Assessment Market Share Report, there are more than 300 million
devices on the internet today. Of those devices, only half of them have been fully fingerprinted by
Qualys.
22. You were unable to search some of your Operating Systems using a lifecycle query. Later, you found
out
the reason. The lifecycle stage of the operating system you were searching was:
End of life
End of support
Obsolete
End of support
Answer
End of support
Some operating systems are no longer supported, which is why you were unable to search for them. End
of support denotes the point at which the product's creator will no longer get security updates or
assistance. The product is no longer made, hence it is obsolete.
You can perform a search for the following operating systems to find out which ones are no longer
supported:
operatingSystems:* AND endOfSupport:[NOW-1YEAR TO *]
All operating systems that are no longer supported will be returned by this query
23
Which of the following conditions must be met, in order for Qualys Patch Management to successfully
patcha discovered vulnerability? Select all that apply.
The vulnerability should be less than 30 days
The vulnerability must be confirmed,
The vulnerability’s host must be running Qualys Cloud Agent
The vulnerability must be patchable You have to run a patch job on a regular basis. Which of the
following will you follow in order to make your work efficient? Select all that apply.
Selected answers:
The vulnerability must be confirmed.
The vulnerability must be patchable
Selected answers:
The vulnerability must be confirmed.
Explanation of each:
The vulnerability should be less than 30 days:
The vulnerability must therefore be no older than 30 days.
The vulnerability must be confirmed:
This indicates that Qualys should confirm and validate the vulnerability.
The vulnerability must be patchable:
This indicates that Qualys should be able to remedy the vulnerability
24. You have to run a patch job on a regular basis. Which of the following will you follow
in order to make your work efficient? Select all that apply.
Use Asset Tags as targets for patch deployment jobs Use the dashboard to
monitor
Schedule patch job on a monthly basis
Once test deployments are verified
Use Asset Tags as targets for patch deployment jobs
Use the dashboard to monitor
Once test deployments are verified Clone the deployment job and include production asset tags
25 The Threat Feed leverages data from multiple sources. Which of the following sources are used?
Select all that apply.
Other Sources
Exploit Sources
Malware Sources
Qualys Threat and Malware Research Team
Qualys Threat and Malware Research Team.
The other sources may be used, but are not specifically mentioned.
Exploit sources are websites that provide relevant data about exploits, which are malicious programs or
code that can
be used to take advantage of a security problem. Exploit sources can be used to discover newly
discovered
vulnerabilities and educate oneself on how to exploit those flaws.

Malware sources are websites that provide information about malware, which can be defined as
software that is
intended to cause damage to systems or render them inoperable. Researchers can use malware sources
to discover
new malware and obtain knowledge about how to defend themselves against it.
The Qualys Threat and Malware Research Team is comprised of a group of highly trained security
professionals who
do research on emerging dangers and vulnerabilities in order to devise countermeasures. On its website,
the team
shares information about the most recent dangers and offers advice on how to stay safe from them
26. You have deployed several thousand Qualys Cloud Agents, and now you would like to conserve
network bandwidth by allowing your agents to store and share their downloaded patches (from a
central location). Which Qualys technology is the best fit to solve this challenge?
Qualys Cloud Connector
The answer is
Qualys Cloud Connector.
The Qualys Cloud Connector is designed to allow Qualys Cloud Agents to store and share downloaded
patches from a central location. This can help conserve network bandwidth and reduce the need for
multiple downloads of the same patches.
Qualys Passive Sensor and Qualys Gateway Server are not designed to allow Qualys Cloud Agents to
store and share downloaded patches from a central location. Qualys Scanner Appliance is designed to
allow Qualys Cloud Agents to scan for vulnerabilities, but not to store and share downloaded patches
27.
You have to analyse the threat intelligence information provided by Qualys Threat and Malware Labs.
Where will you find this information?
VMDR > Vulnerabilities tab > Asset
VMDR > Dashboard tab
VMDR > Prioritization tab > Threat Feed
VMDR > Prioritization tab > Reports
VMDR>Prioritization tab>Threat Feed
The information will be found under the "Threat Feed" tab on the "Prioritization" page. This is the most
likely location for such information, as it is specifically designed to provide users with information on
malware threats
28. Your colleague has just completed the following steps to setup your Qualys account for patching:
1. Installed Qualys Cloud Agent on target hosts.
2. Assigned all Agent hosts to a Configuration Profile with PM configuration enabled.
3. Activated the PM application module for all Agent hosts.
4. Assigned all hosts to an enabled Assessment Profile. Although Deployment Jobs have been created
and enabled, patches are not getting installed. What step did your colleague miss?
Targeted assets must be configured to consume a patching license Targeted assets must be labelled with
the ""Patchable"" Asset Tag Targeted assets must be added to the ""Patch Management"" Asset Group
Targeted assets must be added to the Patch Catalogue
If you don't set up a patch management group, your agents won't be able to complete their patching
obligations.
When patches are distributed and applied, this is referred to as patch management. Software problems
(also known as "vulnerabilities" or "bugs") are frequently fixed with patches.
Operating systems, applications, and embedded devices are all common candidates for patching (like
network equipment). When a flaw in a piece of software is discovered after it has been released, a patch
can be applied to remedy the situation. By doing this, you can protect your environment's assets from
being exploited.
29. A pre-deployment message appears at the start of a patch job. You have to create a deployment job
for a Windows user wherein he will receive a notification message to the user indicating that a reboot is
required. What communication option will you select?
Reboot message
Reboot Countdown
Supress Reboot
Reboot Request
Reboot Countdown
The Reboot Countdown option will send a notification message to the user indicating that a reboot is
required, and will provide a countdown timer until the reboot is scheduled to occur. This option will
allow the user to save their work and close any applications before the reboot occurs
30. Your IT team has configured a patch window to run a deployment job within 5 hours. Due to some
reason you were not able to start the patch installation within that window. What status will they host
display?
Not attempted
Timed out
Retry
Failed
Failed
If the deployment job is unable to be finished within the allotted time frame of five hours, the status of
the patch installation will be changed to unsuccessful. If the patch installation is not started within the
allotted time window of five hours, the status will become invalid
1)Which Qualys application, provides the Real-Time
Threat Indicators (RTIs) used in the VMDR
Prioritization Report?
Patch Management
Asset Inventory
Threat Protection
2) Which phase of the VMDR Lifecycle is addressed by
Qualys Patch Management (PM)?
response
3) If adequate data exists (for Qualys to properly
categorize an asset’s hardware or OS), but they have
yet to be added to the asset catalog, they will
potentially be listed as __________ .
Choose an answer:
Unknown
Unidentified
Unavailable
Uncertain
Anser Unknow
4) Which Qualys sensors collect the type of data needed
to perform vulnerability assessments? Select all that
apply.
Passive Sensor
Cloud Connector
Scanner Appliance
Cloud Agent
5) Qualys provides virtual scanner appliances for which of the following cloud
platforms? Select all that apply.
Amazon AWS
Google Cloud Platform
Rackspace Cloud
Microsoft Azure
6) Which Qualys technology provides a patch download
cache, to achieve a more efficient distribution of
Choose an answer:
Qualys Connector
7) Which of the following Deployment Job steps will
allow you to install software and run a custom script?
Select Assets
Select Post-actions
Select Pre-Actions
Select Patches
8) What does it mean, when a patch is displayed with a
“key-shaped” symbol?
Choose an answer:
The patch is a key requirement for the deployment of other
patches.

The patch cannot be downloaded by Qualys Cloud
Agent.
9) Using the “Search” field (found in the
VULNERABILITIES section of VMDR), which query will
produce a list of “patchable” vulnerabilities?
Choose an answer:
vulnerabilities.vulnerability.qualysPatchable:TRUE
vulnerabilities.vulnerability.isPatchable:TRUE
vulnerabilities.vulnerability.qualysPatchable:FALSE
vulnerabilities.vulnerability.isPatchable:FALSE
10) Which “Active Threat” category leverages
machine learning to determine if presently nonexploitable vulnerabilities should be prioritized?
Choose an answer:
Predicted High Risk
Malware
Zero Day
Exploit Kit
11) What are the prerequisites to integrate Qualys
with ServiceNow CMDB? Select all that apply.
ServiceNow user account with Qualys API access
enabled
Qualys CMDB Sync or Service Graph Connector app
installed in ServiceNow
Qualys user account with API access disabled
Qualys subscription with CyberSecurity Asset
Management license
12) Which of the following queries will display assets

with a Relational Database Management System?
Choose an answer:
13) Once you establish your priority option you can generate your
Prioritization Report. By default this report will produce a list of _________ that
match your priority options.
Choose an answer:
This study source was downloaded by 100000863741089 from CourseHero.com on 03-14-2023 05:43:06
GMT -05:00
https://www.coursehero.com/documents/171944769/VMDR-exam20docx/
Patches
Threat Feeds
Vulnerabilities
Assets
14) To consume a patching license, one or more host ________ ________ must
be added to the “Licenses” tab (within the Patch Management application).
Choose an answer:
Business Units
Asset Tags
Asset Names
Asset Groups
15) When creating a patch job, a "Patch Window" set to the __________
option, will allow the Cloud Agent as much time as it needs to complete the
job.
(A) Complete
(B) Unlimited
(C) None
(D) Full
(B) Unlimited
16) After building a Prioritization Report, you want to
monitor the contents of the report on a regular basis.
What will you do?
Choose an answer:
Create Dashboard widgets for all the contents of the
report
Export the report to dashboard and create a dynamic
widget
Schedule a report to run on a regular basis
Run a report every time it is needed
17) You were unable to search some of your Operating Systems using a
lifecycle query. Later, you found out the reason. The lifecycle stage of the
operating system you were searching was:
Choose an answer:
End-of-Life
End-of-Support
Obsolete YEH HO SAKTA HAI
18) You are in the process of inducting new employees on the Global Asset
View application. In your presentation you have to add the features of this
application. Which features from the below mentioned list will you include?

19) You have been asked to create a “Zero-Touch” patch deployment job.
You have already scheduled this job to run once a week. What additional
requirement must be met?
Choose an answer:
Select patches using Asset Tags
Defer patch selection to a later time
Automate patch selection using QQL
Select patches manually
20) You have deployed several thousand Qualys Cloud Agents, and now
you would like to conserve network bandwidth by allowing your agents to
store and share their downloaded patches (from a central location). Which
Qualys technology is the best fit to solve this challenge?pa
Choose an answer:
Qualys Cloud Connector
21) Your IT team has configured a patch window to run a deployment job
within 5 hours. Due to some reason you were not able to start the patch
installation within that window. What status will they host display?
Choose an answer:
Not Attempted
Timed Out
Retry
Failed
22) Which of the following conditions must be met, in order for Qualys
Patch Management to successfully patch a discovered vulnerability? Select all
that apply.
The vulnerability must be confirmed
The vulnerability’s host must be running Qualys Cloud Agent
23) A pre-deployment message appears at the start of a patch job. You
have to create a deployment job for a Windows user wherein he will receive a
notification message to the user indicating that a reboot is required. What
communication option will you select?
Choose an answer:
Reboot Message
Reboot Countdown
Supress Reboot
Reboot Request
24) You have to run a patch job on a regular basis. Which of the following
will you follow in order to make your work efficient? Select all that apply.
Use Asset Tags as targets for patch deployment jobs
Use the dashboard to monitor
This study source was downloaded by 100000863741089 from CourseHero.com on 03-14-2023 05:43:06
GMT -05:00
https://www.coursehero.com/documents/171944769/VMDR-exam20docx/
Once test deployments are verified, clone the deployment job and include
production asset tags
25) The Threat Feed leverages data from multiple sources. Which of the
following sources are used? Select all that apply.
Other Sources
Exploit Sources
Malware Sources
Qualys Threat and Malware Research Team
26) You have to analyze the threat intelligence information provided by
Qualys Threat and Malware Labs. Where will you find this information?
Choose an answer:
VMDR > Vulnerabilities tab > Asset
VMDR > Dashboard tab
VMDR > Prioritization tab > Threat Feed
VMDR > Prioritization tab > Reports
27) Your colleague has just completed the following steps to setup your
Qualys account for patching: 1. Installed Qualys Cloud Agent on target hosts.
2. Assigned all Agent hosts to a Configuration Profile with PM configuration
enabled. 3. Activated the PM application module for all Agent hosts. 4.
Assigned all hosts to an enabled Assessment Profile. Although Deployment
Jobs have been created and enabled, patches are not getting installed. What
step did your colleague miss?
Choose an answer:
Targeted assets must be configured to consume a patching license
Targeted assets must be labeled with the ""Patchable"" Asset Tag
Targeted assets must be added to the ""Patch Management"" Asset
Group
Targeted assets must be added to the Patch Catalog
28) The Qualys CSAM application distinguishes your asset
inventory using which of the following categories? Select all that
apply.
Software Hardware Firmware Operating System
29) Which of the following frequencies, can be used to schedule a

Patch Deployment Job? Select all that apply.
Weekly
Quarterly
Annually
Daily
30) By default, which of the following factors are used by the
VMDR Prioritization Report, to prioritize vulnerabilities? Select all
that apply.
Vulnerability Age
Real-Time Threat Indicators
Compliance Posture
Attack Surface
31) [7:42 PM] DEEP MATHUR
32) Which of the following conventions can be used to include or
assign host assets to a job? Select all that apply.
Choose all that apply:Business UnitAsset NameAsset TagAsset Grou
Asset Name Asset Tag
33) Qualys categorizes your software inventory by which of the
following license types? Select all that apply.
Premier
Trial
Commercial
Open Source
34) After Qualys Cloud Agent has been successfully installed on a
target host, which of the following “Patch Management” setup steps
must be completed, before host patch assessments can begin? Select

all that apply.
Assign host to CA Configuration Profile (with PM enabled)
Activate PM module on host
35) You have to prioritize the vulnerabilities by age before you go
ahead and generate a Prioritization Report. When you are prioritizing
vulnerabilities by age, you have the options of: Select all that apply.
Vulnerability Age
Detection Age
Priority Age
Installation Age
36) In CSAM, the term “unidentified” means: Select all that apply.
There isn’t enough information gathered to determine the
OS/hardware/software
Which of these is a reason for using a Patch Management solution?
(A) To monitor logs on the asset

(B) To scan for viruses
(C) To close open ports and services
(D) To address vulnerabilities
(D) To address vulnerabilities
Which of these Qualys solutions would you use to address vulnerabilities on your
assets?
(A) Vulnerability Management

(B) Patch Management
(C) Endpoint Detection and Response
(D) Policy Compliance
(B) Patch Management
Not studied (35)
You haven't studied these terms yet!
Select these 35
Which of these sensors does Qualys use to deploy patches?
(A) Scanner appliances

(B) Cloud connectors
(C) Passive sensor
(D) Cloud agent
(D) Cloud agent
Which of these actions is commonly performed after deploying patches?
(A) Asset is decommissioned

(B) Asset is scanned
(C) Asset is rebooted
(D) Asset is reimaged
(C) Asset is rebooted
Which of these is a recommended approach to patching assets?
(A) Uninstall old patches and apply new

(B) Do not apply patches unless necessary
(C) Apply patches on a set of test assets, verify that the patches do not cause issues,
and patch the remaining assets
(D) Apply patches on all assets right away
(C) Apply patches on a set of test assets, verify that the patches do not cause issues,
and patch the remaining assets
Qualys Patch Management correlates missing patches with vulnerabilities.
(A) False
(B) True
(B) True
Which of these is true about Qualys Patch Management?
(A) it can install the operating system and third-party application patches
(B) it can install third-party application patches only
(C) it can install operating system patches only
(A) it can install the operating system and third-party application patches
Which of these is used by Qualys Patch Management to deploy patches?
(A) Scanner appliance

(B) Cloud connector
(C) Cloud Agent
(C) Cloud Agent
Which of these is NOT a stage in the VMDR lifecycle?
(A) Governance
(B) Vulnerability & Config Assessment
(C) Threat Risk and Prioritization
(D) Asset Inventory
(E) Patch Management
(A) Governance
Which of these can be used as a local repository to download patches?
(A) Qualys Cloud Agent

(B) Qualys Scanner appliance
(C) Qualys Gateway Server
(D) Qualys Passive Sensor
(C) Qualys Gateway Server
By default, how often are agents check for missing patches?
(A) 8 hours
(B) 6 hours
(C) 4 hours
(D) 24 hours
(C) 4 hours
Which of these is true about the patch catalog?
(A) by default, superseded patches are shown

(B) by default, superseded patches are hidden
(B) by default, superseded patches are hidden
Which of these would you use to assign Patch Management licenses to hosts?
(A) hostnames
(B) IP addresses
(C) asset tags
(D) asset groups
(C) asset tags
You want to change the default assessment duration for missing patches? Which of the
following will you perform?
(A) Create a new activation key

(B) Create and assign a new assessment profile
(C) Redeploy the agent
(D) Create a new configuration profile
(B) Create and assign a new assessment profile
What is the default "Cache size" allocated for Patch Management?
(A) 2048 MB
(B) 1024 MB
(C) 512 MB
(D) 256 MB
(A) 2048 MB
PM Work Flow
Step 1: Install Cloud Agent on the target host
Step 2: Assign target agent host to a CA Configuration Profile that has PM enabled
Step 3: Assign PM license to the host
Step 4: Configure patch deployment job
Which of these is true?
(A) a patch deployment job can be configured to suppress asset reboot

(B) a patch deployment job cannot suppress asset reboot
(A) a patch deployment job can be configured to suppress asset reboot
Which of these is true about patch deployment jobs?
(A) by default, all users can edit a patch deployment job

(B) by default, only the user who created the patch deployment job can edit it
(B) by default, only the user who created the patch deployment job can edit it
You want to create a deployment job that includes patches based on criteria. For
example - security patches with critical severity.
Which patch selection option would you use?.
(A) manual patch selection

(B) automatic patch selection
(B) automatic patch selection
(A) patch deployment jobs cannot be scheduled; they must run on-demand
(B) patch deployment jobs can be scheduled for a future date
(B) patch deployment jobs can be scheduled for a future date
Which of these is true about patch deployment jobs?
(A) only some patch jobs can be cloned

(B) all patch jobs can be cloned
(B) all patch jobs can be cloned
Which of these can you use to include hosts in a patch deployment job?(Select 2)
(A) Asset groups

(B) Asset Tags
(C) Hostnames
(D) IP addresses
(B) Asset Tags
(C) Hostnames
The prioritized products report allows you to view the total number of product
vulnerabilities (active and fixed) detected in your environment over the last
_______________.
(A) Two Weeks

(B) Two Months
(C) Two Days
(D) Two years
(D) Two years
Why would you use the "Enable opportunistic patch download" option?
(A) to have the agent download the patch before the scheduled job begins
(B) to have the agent download the patch after the scheduled job begins
(A) to have the agent download the patch before the scheduled job begins
Which of these would you use to identify patchable applications that introduce the most
number of vulnerabilities in your subscription?
(A) patch catalog

(B) patch report
(C) prioritized products report
(C) prioritized products report
Which of the following Qualys applications or services provide the ability to create a
patch job? (Select three)
(A) EDR
(B) PM
(C) VMDR
(D) Vm
(B) PM
(C) VMDR
(D) Vm
VMDR Prioritization Report helps you to:
(A) Download patches from Vendor Global CDNs
(B) Create tickets for high-risk vulnerabilities
(C) Identify patches required to fix high-risk vulnerabilities
(D) Identify vulnerabilities that pose the maximum risk to your business
(E) Run scans to identify high-risk vulnerabilities
(C) Identify patches required to fix high-risk vulnerabilities
(D) Identify vulnerabilities that pose the maximum risk to your business
Which query would you use to identify vulnerabilities that can be patched by Qualys
Patch Management?
(A)vulnerabilities.vulnerability.qualysPatchable:TRUE
(B)Patchable.vulnerabilities.qualys:FALSE
(C)vulnerabilities.vulnerability.qualysPatchable:FALSE
(D)Patchable.vulnerabilities.qualys:TRUE
(A)vulnerabilities.vulnerability.qualysPatchable:TRUE
(A) all vulnerabilities have a patch

(B) not all vulnerabilities have a patch
(B) not all vulnerabilities have a patch
VMDR Prioritization report automatically prioritizes the high-risk vulnerabilities for the
most critical assets.
(A) Correct
(B) Incorrect
(A) Correct
Zero Touch Patching helps: (Select two)
(A) To update endpoints and servers proactively as soon as patches are available
(B) Automatically create tickets for missing patches
(C) Automate patch vulnerabilities based on the Real Time Threat Indicators (RTIs)
(D)Runs security scans after every four hours
(E) Automatically export patch information
(A) To update endpoints and servers proactively as soon as patches are available
(C) Automate patch vulnerabilities based on the Real Time Threat Indicators (RTIs)
Which query will list patches that Qualys can uninstall?
(A) isUninstall: true

(B) isRollback: true
(C) isRollback: false
(D) isUninstall: false
(B) isRollback: true
Which of these is true about a zero-touch patch job?
(A) a zero-touch patch job can only be scheduled for a future date
(B) a zero-touch patch job automatically includes required patches using a QQL query
(C) you can manually select patches to include in the zero-touch patch job
(B) a zero-touch patch job automatically includes required patches using a QQL query
Which of the following statements about uninstalling patches is true?
(A) Not all patches in the Patch Catalog can be uninstalled.

(B) Uninstallable patches are shown with a key-shaped symbol
(C) All patches in the Patch Catalog can be uninstalled.
(A) Not all patches in the Patch Catalog can be uninstalled.
Which phase of the VMDR Lifecycle is addressed by Qualys Patch Management (PM)?
Choose an answer:
Response
Asset Management
Threat Detection & Prioritization
Step by step explanation:
Qualys Virtual Passive Scanning Sensors (for discovery), Qualys Virtual Scanners, Qualys Cloud Agents,
Qualys Container Sensors, and Qualys Virtual Cloud Agent Gateway Sensors for bandwidth optimization
are all included with VMDR in a UNLIMITED amount.
It consists of an automated workflow for asset discovery, vulnerability management, threat

prioritization, and remediation that runs continuously and without interruption. Organizations may
reduce their risk of penetration by using the VMDR lifecycle to effectively stop breaches and swiftly
address threats.
Four main phases are addressed by the VMDR lifecycle:
• Discovery: Scan the network for all resources and vulnerabilities.
• Analysis: Examining the outcomes of scans to identify the vulnerabilities that present the most danger
• Remediation: Addressing flaws, usually by patching
• Reporting: Producing reports to demonstrate development over time
In order to solve the remediation part of the VMDR lifecycle, Qualys Patch Management (PM) was
created. By determining which systems require patches, downloading and applying the necessary
patches, and then reporting on the status of all systems' patching, PM automates the process of
patching systems.
Which of the following frequencies, can be used to schedule a Patch Deployment Job? Select
all that apply.
Weekly
Quarterly
Annually
Daily
It is possible to schedule deployment jobs to run on demand, and recurring jobs can be used repeatedly
on a daily, weekly, or monthly basis. The job will be recorded as timed out if the installation of a patch
does not start within the specified patch window.
When deciding whether to schedule or conduct a deployment job on demand, there are a few factors to
take into account. First, think about how significant the deployment is. It may be ideal to plan the
deployment for a crucial security patch to run when there will be the least amount of user effect. In
contrast, it might be preferable to do the deployment on demand if it's for a much-anticipated new
feature that users will utilize right away.
The magnitude of the deployment is another factor to take into account. It may be ideal to plan a major
deployment so that it can be finished during off-peak hours. Users' effects will be lessened as a result,
and the deployment team will have more time to troubleshoot any problems.
You must choose how frequently to conduct a deployment after deciding to schedule it. A deployment
can be run on a daily, weekly, or monthly basis using recurring jobs. The recurring job's frequency ought
to be determined by how frequently the underlying code is updated. For instance, the deployment
should take place every day if the code is changed every day. On the other side, the deployment can be
carried out each week if the code is updated each week.
Which Qualys sensors collect the type of data needed to perform vulnerability
assessments? Select all that apply.
Passive Sensor
Cloud Connector
Scanner Appliance
Cloud Agent
One class of sensor that Qualys offers to gather security and compliance information is scanner
appliances. Depending on how your subscription is set up, appliances can be used to conduct
compliance and vulnerability scans.
Appliance scanners from Qualys come in a variety of designs, including:
- On-site scanning devices that use physical scanners
- virtual scanners that can scan virtualized environments
- tools for inspecting environments that use the cloud
You must choose the appliance scanner type that best suits your demands because each type has
advantages and disadvantages of its own. For enterprises with on-site data centers, physical scanners
work best, but virtual scanners work better with cloud-based architecture.
You must install the appliance scanner you've chosen in your environment after making your choice.
Make sure to carefully follow the instructions provided by Qualys while deploying appliance scanners
because they are very extensive.
The appliance scanner needs to be set up to scan the proper targets after it has been deployed. Once
more, Qualys offers comprehensive setup instructions for appliance scanners.
The appliance scanner will start gathering information about your environment as soon as you've
configured it. Information about compliance problems and vulnerabilities is included in this material.
This information will be used by Qualys to provide reports that you can use to evaluate the security and
compliance posture of your company.
Which “Active Threat” category includes attacks that require little skill and do not require
additional information?
Choose an answer:
Predicted High Risk
Easy Exploit
Public Exploit
Zero Day
A zero day attack is an attack that occurs on the same day that a new software vulnerability is
discovered. attackers can take advantage of this vulnerability before it is patched.
What does it mean, when a patch is displayed with a “key-shaped” symbol?
Choose an answer:
The patch is a key requirement for the deployment of other patches.
The patch cannot be downloaded by Qualys Cloud Agent.
Answer:
The patch is a key requirement for the deployment of other patches. This means that the patch must be
installed in order for other patches to be deployed successfully. It indicates that the patch is critical for
the overall system, and cannot be uninstalled or bypassed.
The patch with the key-shaped symbol indicates that it is a key requirement for the deployment of other
patches. This means that the patch must be installed in order for other patches to be deployed
successfully. This is because the patch is critical for the overall system. It is essential for the system to
function correctly and efficiently, and it cannot be uninstalled or bypassed.
The patch is a critical component of the system because it ensures that the system is able to maintain its
stability and functionality. Without the patch, other components of the system may not work properly
or may not work at all, resulting in system instability and potential data loss. The patch also guarantees
that the system is secure and up-to-date with the latest security protocols and updates. By installing the
patch, the system is able to stay secure and protected against potential cyber threats, as well as other
malicious activities.
The patch is also important for ensuring that the system functions optimally. The patch contains updates
and fixes that are necessary for the system to run smoothly and efficiently. Without the patch, the
system would be vulnerable to glitches and errors, resulting in slower performance and potential data
loss. Installing the patch helps the system maintain its optimal performance level, and allows it to
continue to run smoothly and reliably.
Finally, the patch ensures that the system is compatible with other software and hardware components.
Without the patch, the system may not be able to recognize certain hardware and software
components. This could lead to conflicts between components, slowing down the system and potentially
resulting in complete system failure. Installing the patch helps the system maintain compatibility with all
components, ensuring that the system is able to recognize and utilize all of its available resources.
In short, the patch with the key-shaped symbol is a critical component of the system. It is essential for
the system to maintain its stability and functionality, as well as its security and optimal performance. It is
also necessary for the system to be compatible with other hardware and software components.
Installing the patch is key to keeping the system secure, stable, and up-to-date with the latest security
protocols and updates.
Overall, the patch with the key-shaped symbol is an important part of the system and cannot be
uninstalled or bypassed. Installing the patch is essential for the system to work properly and efficiently,
and to maintain its optimal performance. Without the patch, the system is vulnerable to errors, data
loss, and potential security risks. Therefore, it is important to make sure that the patch is installed in
order for the system to remain secure, stable, and compatible with all components.
In conclusion, the patch with the key-shaped symbol is a key requirement for the deployment of other
patches. This is because the patch is critical for the overall system, and cannot be uninstalled or
bypassed. The patch ensures that the system is secure, stable, and up-to-date with the latest security
protocols and updates. It is also necessary for the system to be compatible with other hardware and
software components. Ultimately, installing the patch is essential for the system to remain secure,
stable, and optimized.
Which of the following queries will display assets with a Relational Database Management
System?
Choose an answer:
In a relational database a query is a command used to request information from the database. A query
can be a simple request for data from a single table, or it can be a complex request that joins data from
multiple tables.
Qualys categorizes your software inventory by which of the following license types? Select
all that apply.
Premier
Trial
Commercial
Open Source

Commercial Licenses are licenses that are typically purchased from a vendor and are generally tailored
to the customer's particular needs. A commercial license will often include certain restrictions or
limitations, such as the right to use only a certain number of copies of the software, with additional
licenses needing to be purchased if additional copies are required. The license may also contain
provisions on how the software can be used, including where it can be used, how it can be used, and
who is allowed to use it. Additionally, the license may include provisions about how the software can be
modified, distributed, and protected. Trial licenses are licenses that are typically offered by vendors for a
limited period of time, usually for a period of 30 days or less. The purpose of a trial license is to allow
potential customers to evaluate the software before purchasing a commercial license. A trial license
typically will not include all of the features or options that are available with a commercial license, but it
will allow the potential customer to get an idea of what the software can do and to decide whether or
not to purchase a commercial license.
Open source licenses are licenses that are typically offered to the public without any fee or other
restrictions. Open source licenses are often used to promote the sharing of software and to allow others
to modify, extend, and improve upon existing code. In many cases, open source licenses also allow users
to redistribute the software and to use it for commercial purposes. Premier licenses are licenses that are
typically offered by vendors to their most trusted customers. These customers may have a long-standing
relationship with the vendor or may have purchased a large number of licenses in the past. Premier
licenses typically offer greater flexibility than other types of licenses, including the ability to customize
the software to meet the customer's specific needs. Additionally, premier licenses may include
additional features that are not available with other types of licenses. Qualys categorizes software
inventory by all of these license types, as each type of license offers distinct advantages that may appeal
to different types of customers. With Qualys, customers can easily evaluate which type of license best
meets their needs, so that they can make an informed decision when purchasing software
Which “Active Threat” category leverages machine learning to determine if presently nonexploitable
vulnerabilities should be prioritized?
Choose an answer:
Predicted High Risk
Malware
Zero Day
Exploit Kit
Answer:
"Easy Exploit" would be the category that includes attacks that require little skill and do not require
additional information.
"Easy Exploit" would be the category that includes attacks that require little skill and do not require
additional information.
An "Active Threat" refers to a specific type of cyber threat that is actively attempting to exploit
vulnerabilities in a computer system or network. There are various categories of active threats based on
the level of difficulty and complexity of the attack.
"Easy Exploit" attacks are typically low-level threats that can be executed with minimal skill or
knowledge. These attacks may involve well-known vulnerabilities or exploits that have been widely
publicized, and may not require any additional information beyond what is readily available online.
"Predicted High Risk" and "Public Exploit" are not valid categories for active threats. "Zero Day" refers to
a previously unknown vulnerability that is being actively exploited, and is not a category for active
threats.
By default, which of the following factors are used by the VMDR Prioritization Report, to
prioritize vulnerabilities? Select all that apply.
Vulnerability Age
Real-Time Threat Indicators
Compliance Posture
Attack Surface
Answer:
Vulnerability Age Real - Time Threat Indicators Compliance Posture
(Answer is in the document)
Which Qualys technology provides a patch download cache, to achieve a more
efficient distribution of downloaded patches, to local agent host assets?
Choose an answer:
Qualys Connector
Once you establish your priority option you can generate your Prioritization Report. By
default this report will produce a list of _________ that match your priority options.
Choose an answer:
Patches
Threat Feeds
Vulnerabilities
Assets
To consume a patching license, one or more host ________ ________ must be added to the
“Licenses” tab (within the Patch Management application).
Choose an answer:
Business Units
Asset Tags
Asset Names
Asset Groups

Asset tags will help identifying the types of affected issue that this patch can resolved so it is necessary
tobe included on the "license" tab or information.
You are in the process of inducting new employees on the Global AssetView application. In
your presentation you have to add the features of this application. Which features from the
below mentioned list will you include? Select all that apply.

VMDR Q&A

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Read this document in other languages

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VMDR Q&A

Uploaded by

Copyright:

Available Formats

D

Vulnerability Management Detection & Response

Questions & Answer

 Uninstall existing patches

 Install or deploy missing patches

 Activate PM module on host

 Assign host to CA Configuration Profile (with PM enabled)

 Assign host to an enabled PM Assessment Profile

 Real-Time Threat Indicators

 The patch cannot be downloaded by Qualys Cloud Agent.

 Google Cloud Platform

 Perform scans in “authenticated” mode.

 Configure network filtering devices to let scan traffic through.

 Predicted High Risk

 VMDR “Welcome” page

 Activation Keys tab of the Cloud Agent application**

 Switch (SPAN Port)

 Asset Management, Vulnerability Management, Threat Detection & Prioritization, Response

 A VPN connection to your corporate network is required to download patches.

 Default VMDR Activation Key

 Google Cloud Platform

 Discover patches already installed

 Discover missing patches

Scanner appliances are one type of sensor that Qualys provides to collect

 PCI Compliance (PCI)

 PCI Compliance Solution | Qualys, Inc.

 Qualys Introduces CyberSecurity Asset Management

There are 2 patch sources (local repository-Qualy Gateway Server and Vendor

(A) Superseded patch evaluation

(A) Patch report

(A) Fixed vulnerabilities

(A) Scanner based findings

(A) Prioritization report

Asset Management, Threat Detection & Prioritization, Vulnerability Management, Response

Asset Management, Vulnerability Management, Threat Detection & Prioritization, Response

Vulnerability Management, Threat Detection & Prioritization, Response, Asset Management

Vulnerability Management, Asset Management, Threat Detection & Prioritization, Response

Presently, you can add up to _____ patches to a single job.

Choose all that apply:

Predicted High Risk

Choose all that apply:

Google Cloud Platform

What does it mean, when a patch is displayed with a “key-shaped” symbol?

The patch is a key requirement for the deployment of other patches.

The patch cannot be uninstalled.

The patch has been deprecated.

The patch cannot be downloaded by Qualys Cloud Agent.

Choose all that apply:

Qualys Passive Sensor

Qualys Scanner Appliance

Qualys Gateway Server

Choose all that apply:

 Create Dashboard widgets for all the contents of the report

 Export the report to dashboard and create a dynamic widget

 Schedule a report to run on a regular basis

 Run a report every time it is needed

The answer to this problem would be :- "retired"

Choose all that apply:

Assign host to CA Configuration Profile (with PM enabled)

Activate PM module on host

Assign host to a PM Job