QUALYS VMDR TRAINING EXAM WITH 100% CORRECT ANSWERS 2023

QUALYS VMDR TRAINING EXAM WITH
100% CORRECT ANSWERS 2023
Which of the following are benefits of scanning in authenticated mode? (choose 2) –
Correct Answer-1. More vulnerabilities are detected

2. Time saved from manually investigating potential vulnerabilities
   Which of the following are valid options for scanning targets? (choose 3) – Correct
   Answer-1. Asset Groups
3. IP addressing
4. Asset Tags
   What type of scanner appliance (already provisioned within the Qualys Cloud Platform)
   is ideal for scanning public facing assets? – Correct Answer-External Scanner
   Which of the following is NOT a component of a vulnerability scan? – Correct AnswerHost Discovery
   Which of the following will have the greatest impact on a half red, half yellow QID? –
   Correct Answer-Authentication
   What is the maximum number of TCP ports that can participate in the Host Discovery
   process? – Correct Answer-20
   Which of the following items are used to calculate the Business Risk score for a
   particular asset group? (choose 2) – Correct Answer-Business Impact
   Security Risk
   In order to successfully perform an authenticated (trusted) scan, you must create a(n): –
   Correct Answer-Authentication record
   Multiple Remediation Policies are evaluated: – Correct Answer-from top to bottom
   A search list contains a list of . – Correct Answer-QIDs
   Dynamic Asset Tags are updated every time you. – Correct Answer-Run a scan
   As a Manager in Qualys, which activities can be scheduled? – Correct Answer-Asset
   Searches
   Updates to the KnowledgeBase
   Maps
   Reports
   Scans
   

Which of the following are benefits of scanning in authenticated mode? (choose 2)

• Fewer confirmed vulnerabilities
• More vulnerabilities are detected
• Time saved from manually investigating potential vulnerabilities
• More accurate scan details
• More vulnerabilities are detected
• Time saved from manually investigating potential vulnerabilities

Which of the following are valid options for scanning targets? (choose 3).

• Asset Groups
• Domain Name
• IP addressing
• Asset Tags
• Search Lists
• MAC Address
• Asset Group
• IP Addressing
• Asset Tags

What type of scanner appliance (already provisioned within the Qualys Cloud Platform) is ideal for scanning public facing assets?

• Offline Scanner
• Virtual Scanner
• External Scanner
• Internal Scanner
  External Scanner

1. Which of the following is NOT a component of a vulnerability scan?

• Host Discovery
• OS Detection
• Port Scanning
• Business Impact
  Host Discovery

Which of the following will have the greatest impact on a half red, half yellow QID?

• Share Enumeration
• Scan Dead Hosts
• Authentication
• Authoritative Option
  Authentication

What is the maximum number of TCP ports that can participate in the Host Discovery process?

• 10
• 65535
• 1900
• 20
  20

Which of the following items are used to calculate the Business Risk score for a particular asset group? (choose 2)

• Business Impact
• Security Risk
• CVSS Base
• CVE ID
• Business Impact
• Security Risk

In order to successfully perform an authenticated (trusted) scan, you must create a(n):

• Authentication Record
• Search List
• Asset Map
• Report Template
  Authentication Record

Multiple Remediation Policies are evaluated:

• From top to bottom
• From bottom to top
• Based on the rule creation date
• In no specific order
  From top to bottom

A search list contains a list of

QIDs
Host Assets
Applications
Asset Groups
QIDs

Dynamic Asset Tags are updated every time you.

• Run a scan
• Create a remediation policy
• Run a report
• Search the KnowledgeBase
  Run a scan

As a Manager in Qualys, which activities can be scheduled?

• Asset Searches
• Updates to the KnowledgeBase
• Maps
• Reports
• Scans
• Asset Searches
• Updates to the KnowledgeBase
• Maps
• Reports
• Scans

What does it mean when a “pencil” icon is associated with a QID in the Qualys KnowledgeBase?

• There is malware associated with the QID
• The QID has a known exploit
• The QID has been edited
• A patch is available for the QID
  The QID has been edited

Which item is not mandatory for launching a vulnerability scan?

• Target Hosts
• Option Profile
• Authentication Record
• Scanner Appliance
  Authentication Record

About how many services can Qualys detect via the Service Detection Module?

• 13
• 512
• 20
• 600
  600

By default, the first user added to a new Business Unit becomes a __ for that unit.

• Auditor
• Administrator
• Reader
• Scanner
• Unit Manager
  Unit Manager

In a new Option Profile, which authentication options are enabled by default?

• All
• Unix
• Windows
• None
  None

Which of the following vulnerability scanning options requires the use of a “dissolvable agent”?

• Windows Share Enumeration
• TCP port scanning
• Scan Dead Hosts
• UDP port scanning
  Windows Share Enumeration

To produce a scan report that includes the results from a specific scan that occurred at a specific point in time, you should select the ___ option in the Report Template.

• Scan Based Findings
• Dynamic Findings
• Static Findings
• Host Based Findings
  Host Based Findings

About how many TCP ports are scanned when using Standard Scan option?

• 1900
• 10
• 20
• 65535
  1900

Asset Groups and Asset Tags can be used to effectively customize or fine tune … (choose all that apply)

• Reports
• Vulnerability Scans
• Remediation Policies
• Search Lists
  Reports
  Vulnerability Scans
  Remediation Policies

What is required in order for Qualys to generate remediation tickets? (choose all that apply)

• Scan Results need to be processed by Qualys
• A Policy needs to be created
• A Map needs to be run
• A Remediation Report needs to be run
• Scan Results need to be processed by Qualys
• A Policy needs to be created

Before you can scan an IP address for vulnerabilities, the IP address must first be added to the.

• Host Assets tab
• Business Units tab
• Domains tab
• Search List tab
  Host Assets tab

What is the 6-step lifecycle of Qualys Vulnerability Management?

• Mapping, Scanning, Reporting, Remediation, Simplification, Authentication
• Learning, Listening, Permitting, Forwarding, Marking, Queuing
• Bandwidth, Delay, Reliability, Loading, MTU, Up Time
• Discover, Organize Assets, Assess, Report, Remediate, Verify
  Discover, Organize Assets, Assess, Report, Remediate, Verify

To exclude a specific QID/vulnerability from a vulnerability scan you would:

• Disable the QID in the Qualys KnowledgeBase.
• Ignore the vulnerability from within a report.
• Place the QID in a search list, and exclude that search list from within the Option Profile.
• You cannot exclude QID/Vulnerabilities from vulnerability scans.
  Place the QID in a search list, and exclude that search list from within the Option Profile.

Which of the following components are included in the raw scan results, assuming you do not apply a Search List to your Option Profile? (choose all that apply)

• Host IP
• Option Profile Settings
• Potential Vulnerabilities
• Information Gathered
• Vulnerabilities
• Potential Vulnerabilities
• Information Gathered
• Vulnerabilities

Which of the following types of items can be found in the Qualys KnowledgeBase? (choose all that apply)

• Potential Vulnerabilities
• Configuration data (Information Gathered)
• Confirmed Vulnerabilities
• Asset Groups
• Remediation Tickets
• Potential Vulnerabilities
• Configuration data (Information Gathered)
• Confirmed Vulnerabilities

Which three features of the Vulnerability Management application can be customized using a KnowledgeBase “Search List”?

• Authentication Records
• Report Templates
• Remediation Policies
• Option Profiles
• Report Templates
• Remediation Policies
• Option Profiles

What type of Search List adds new QIDs to the list when the Qualys KnowledgeBase is updated?

• Active
• Static
• Dynamic
• Passive
• Dynamic

When a host is removed from your subscription, the Host Based Findings for that host are.

• Ranked
• Purged
• Ignored
• Archived
• Purged