Qualys Cloud Agent Exam with 100% Correct
Answers 2023
Identify the Qualys application modules that require Cloud Agent. (Choose all that apply)
(A) EDR
(B) VM
(C) PM
(D) FIM – Correct answer (A) EDR
(C) PM
(D) FIM
A Cloud Agent status indicates the agent uploaded new host data, and an assessment of the
host was performed within the Qualys Cloud Platform. Which one from the following options is
it?
(A) Scan Complete
(B) Provisioned
(C) Manifest Downloaded
(D) Configuration Downloaded – Correct answer (A) Scan Complete
From all the tasks associated with the Provisioning stage, identify the one that is not among
them.
(A) Agent attempts to connect to the Qualys Platform (with valid CustomerID and ActivationID)
(B) Agent performs an initial assessment scan
(C) Agent is validated by the Qualys platform
(D) Agent generates its Qualys Host ID or re-provisions its Qualys Host ID for cloned images –
Correct answer (B) Agent performs an initial assessment scan
Recall and state the task that is NOT performed by Cloud Agent.
(A) Check-in to the Qualys Platform at regular intervals
(B) Transfer data payloads to the Qualys Platform
(C) Assessment Testing
(D) Data collection – Correct answer (C) Assessment Testing
The VM Scan Interval option of the Configuration Profile allows you to perform which task?
(A) Configure frequency for SCA scan
(B) Configure frequency for VM scan
(C) Configure frequency for policy compliance scan
(D) Configure Agent status interval – Correct answer (A) Configure frequency for SCA scan
Identify the query that will help you find agents that have not checked-in within the last 7 days.
(A) lastCheckedIn (not, 7days)
(B) not lastCheckedIn (7days)
(C) not lastCheckedIn > now-7d
(D) lastCheckedIn > now-7d – Correct answer (C) not lastCheckedIn > now-7d
As a “best practice,” you are asked to associate an Activation Key with an Asset Tag, that uses
the _____ Rule Engine.
(A) Open Ports
(B) No Dynamic Rule
(C) IP Address in Range(s)
(D) Asset Name Contains – Correct answer (B) No Dynamic Rule
Recognize who initiates the communication sessions between Cloud Agent and the Qualys
Platform
(A) Either Cloud Agent or the Qualys Platform
(B) Neither Cloud Agent nor the Qualys Platform
(C) Cloud Agent
(D) Qualys Platform – Correct answer (C) Cloud Agent
The ‘Delta Upload Interval’ and ‘Chunk sizes for file fragment uploads’ settings in the
Configuration Profile, are designed to impact the way an agent uses _____ .
(A) Host Memory
(B) Network Bandwidth
(C) Host CPU
(D) Disk Space – Correct answer (B) Network Bandwidth
Your manager has asked you to validate a successful Cloud Agent installation. What will you
look for?
(A) The ‘Installation Successful’ message is displayed in the ‘Command Prompt’ or ‘Terminal’
window
(B) Successful communication status codes are recorded in the agent log file.
(C) The Qualys Cloud Agent process is running on the host.
(D) The host has received a unique Qualys Host ID. – Correct answer (B) Successful
communication status codes are recorded in the agent log file.
(C) The Qualys Cloud Agent process is running on the host.
(D) The host has received a unique Qualys Host ID.
What is the recommended approach for removing Cloud Agent from its host?
(A) Use Asset Search to locate the agent host, and select the “Purge” option from the “Actions”
menu.
(B) Kill the “Cloud Agent” process, and reboot the host.
(C) Manually remove all “Cloud Agent” files and programs.
(D) Use the “Uninstall Agent” option from the host’s “Quick Actions” menu. – Correct answer (D)
Use the “Uninstall Agent” option from the host’s “Quick Actions” menu.
By default, a Cloud Agent Activation Key is:
(A) Set to expire 12 months from its creation date.
(B) Unlimited – it allows you to add any number of agents at any time.
Qualys Vulnerability Management v1 Exam with
100% Correct Answers 2023
Which of the following are benefits of scanning in authenticated mode? (choose 2)
- Fewer confirmed vulnerabilities
- More vulnerabilities are detected
- Time saved from manually investigating potential vulnerabilities
- More accurate scan details – ✓✓✓- More vulnerabilities are detected
- Time saved from manually investigating potential vulnerabilities
Which of the following are valid options for scanning targets? (choose 3)
- Asset Groups
- Domain Name
- IP addressing
- Asset Tags
- Search Lists
- MAC Address – ✓✓✓- Asset Group
- IP Addressing
- Asset Tags
What type of scanner appliance (already provisioned within the Qualys Cloud Platform)
is ideal for scanning public facing assets?
- Offline Scanner
- Virtual Scanner
- External Scanner
- Internal Scanner – ✓✓✓External Scanner
Which of the following is NOT a component of a vulnerability scan?
- Host Discovery
- OS Detection
- Port Scanning
- Business Impact – ✓✓✓Host Discovery
Which of the following will have the greatest impact on a half red, half yellow QID?
- Share Enumeration
- Scan Dead Hosts
- Authentication
- Authoritative Option – ✓✓✓Authentication
What is the maximum number of TCP ports that can participate in the Host Discovery
process?
- 10
- 65535
- 1900
- 20 – ✓✓✓20
Which of the following items are used to calculate the Business Risk score for a
particular asset group? (choose 2)
- Business Impact
- Security Risk
- CVSS Base
- CVE ID – ✓✓✓- Business Impact
- Security Risk
In order to successfully perform an authenticated (trusted) scan, you must create a(n):
- Authentication Record
- Search List
- Asset Map
- Report Template – ✓✓✓Authentication Record
Multiple Remediation Policies are evaluated:
- From top to bottom
- From bottom to top
- Based on the rule creation date
- In no specific order – ✓✓✓From top to bottom
A search list contains a list of
- QIDs
- Host Assets
- Applications
- Asset Groups – ✓✓✓QIDs
Dynamic Asset Tags are updated every time you:
- Run a scan
- Create a remediation policy
- Run a report
- Search the KnowledgeBase – ✓✓✓Run a scan
As a Manager in Qualys, which activities can be scheduled?
Qualys Patch Management (PM) Exam with 100%
Correct Answers 2023
Using the “Search” field (found in the VULNERABILITIES section of the VM Dashboard), which
query will produce a list of “patchable” vulnerabilities?
(A) vulnerabilities.vulnerability.qualysPatchable:TRUE
(B) vulnerabilities.vulnerability.qualysPatchable:FALSE
(C) vulnerabilities.vulnerability.isPatchable:FALSE
(D) vulnerabilities.vulnerability.isPatchable:TRUE –
✓✓✓(D) vulnerabilities.vulnerability.isPatchable:TRUE
Which of the following conventions can be used to include or assign host assets to a job?
(choose 2) (Select all that apply)
(A) Asset Name
(B) Asset Group
(C) Business Unit
(D) Asset Tag – ✓✓✓(A) Asset Name
(D) Asset Tag
The __ process is responsible for installing and uninstalling patches, included in patch
jobs you create.
(A) stdeploy.exe
(B) Qualys Cloud Agent
(C) notify.exe
(D) Qualys Cloud Agent UI – ✓✓✓(B) Qualys Cloud Agent
What does it mean, when a patch is displayed with a “key-shaped” symbol?
(A) The patch is a key requirement for the deployment of other patches.
(B) The patch cannot be downloaded by Qualys Cloud Agent.
(C) The patch has been deprecated.
(D) The patch cannot be uninstalled. – ✓✓✓(B) The patch cannot be downloaded by Qualys
Cloud Agent.
Within a PM Assessment Profile, what is the minimum value, for patch assessment frequency?
(A) 24 hours
(B) 4 hours
(C) 12 hours
(D) 1 hour – ✓✓✓(A) 24 hours
Which of the following Qualys applications or services, provide the ability to create a patch job?
(choose 3) (Choose all that apply)
(A) PC
(B) PM
(C) VMDR
(D) VM – ✓✓✓(B) PM
(C) VMDR
(D) VM
Which sections of the PM application, provide you with the ability to create a patch job? (choose
3)(Choose all that apply)
(A) ASSETS
(B) CONFIGURATION
(C) PATCHES
(D) JOBS – ✓✓✓(A) ASSETS
(B) CONFIGURATION
(C) PATCHES
The current status of any job can be monitored using the _ option from its “Quick
Actions” menu.
(A) View Details
(B) Edit
(C) Enable
(D) view Progress – ✓✓✓(D) view Progress
Which of the following are options for prioritizing vulnerabilities, in a VMDR Prioritization
Report? (choose 3) (Choose all that apply)
(A) Compliance Posture
(B) Attack Surface
(C) Vulnerability Age
(D) Real-Time Threat Indicator (RTI) – ✓✓✓(B) Attack Surface
(C) Vulnerability Age
(D) Real-Time Threat Indicator (RTI)
Which of the following are methods for activating the PM module on a Qualys agent host?
(choose 3) (Choose all that apply)
(A) Select the “Activate for FIM or IOC or PM” option for a host, in the Cloud Agent application.
(B) Deploy the agent with an Activation Key that has the PM module selected.
(C) Use the Qualys Cloud Agent API, to activate the PM module for a single agent or agents in
bulk.
(D) Add agent host assets to a PM Asset Group. – ✓✓✓(B) Deploy the agent with an Activation
Key that has the PM module selected.
(C) Use the Qualys Cloud Agent API, to activate the PM module for a single agent or agents in
bulk.
(D) Add agent host assets to a PM Asset Group.
Patching messages and notifications are managed by the ___ process.
(A) Qualys Cloud Agent
(B) Qualys Cloud Agent UI
(C) stdeploy.exe
Qualys Web Application Scanning Exam with
100% Correct Answers 2023
The Malware Monitoring option should only be enabled for:
(A) Applications with a “malware” tag
(B) Internal facing applications
(C) External facing applications
(D) Both internal and external facing applications – ✓✓✓(C) External facing applications
Where can you “Ignore” a vulnerability for a Web Application? (select two) (Choose all that
apply)
(A) Scorecard Report
(B) Scan Report
(C) Web Application Report
(D) Detections Tab – ✓✓✓(B) Scan Report
(D) Detection Tab
A Search List contains a list of:
(A) Username/Password combinations
(B) QIDs from the Qualys KnowledgeBase
(C) Crawling hints
(D) Common input parameters – ✓✓✓(B) QIDs from the Qualys KnowledgeBase
When launching a Web Application Scan, you have the option to override some default settings.
Which of the following options can NOT be overridden?
(A) Option Profile
(B) Crawl Scope
(C) Scanner Appliance
(D) Authentication Record – ✓✓✓(D) Authentication Record
What attack proxies can you integrate with Qualys WAS?
(A) BURP
(B) W3af
(C) ZAP
(D) WebScarab – ✓✓✓(A) BURP
How can you get your scan to follow a business workflow (such as a shopping cart transaction)?
(A) Use a Selenium Script to record and replay the workflow
(B) Use a Custom Authentication Record
(C) Use a Crawl Exclusion List
(D) Use DNS Override – ✓✓✓(A) Use a Selenium Script to record and replay the workflow
Using the “Crawling Hints” setting, WAS can crawl all links and directories found in: (select two)
(Choose all that apply)
(A) Index.html
(B) Sitemap.xml
(C) Robots.txt
(D) default.css – ✓✓✓(B) Sitemap.xml
(C) Robots.txt
The Explicit URLs to Crawl field may contain (select two): (Select all that apply)
(A) URLs both inside and outside of the Crawl Scope
(B) URLs outside of the Crawl Scope
(C) URLs within the Crawl Scope
(D) URLs not automatically discovered by WAS – ✓✓✓(B) URLs outside of the Crawl Scope
(D) URLs not automatically discovered by WAS
Outside of the “Custom Contents” option, what preset Sensitive Content types can the Web
Application Scanner detect? (select two) (Choose all that apply)
(A) Passwords
(B) Social Security Number
(C) Driving License Number
(D) Credit Card Number – ✓✓✓(B) Social Security Number
(D) Credit Card Number
Using the Administration Utility, which of the following scan permissions can be assigned to a
user role? (select three) (Choose all that apply)
(A) Cancel WAS Scan
(B) Delete WAS Scan
(C) Update WAS Scan
(D) Launch WAS Scan – ✓✓✓(A) Cancel WAS Scan
(B) Delete WAS Scan
(D) Launch WAS Scan
Which WAS feature uses a virtual machine farm to detect a potentially malicious script in a Web
application?
(A) Progressive Scanning
(B) Malware Monitoring
(C) Redundant Links
(D) DNS Override – ✓✓✓(B) Malware Monitoring
Which technique would you use to build a report containing specifics on only your app’s most
severe vulnerabilities?
(A) Add a Search List to the report
(B) Add a Crawl Exclusion List to the report
(C) Add a Brute Force List to the report
Qualys Vulnerability Management Self-Paced Training
Exam with 100% Correct Answers 2023
List the default tracking methods available for adding assets to your “scanning”
subscription. (Select Three)
(A) DNS Name
(B) NetBIOS Name
(C) CVE ID
(D) Qualys Host ID
(E) IP Address – Correct answer (A) DNS Name
(B) NetBIOS Name
(E) IP Address
Name the phase or step of the Qualys Vulnerability Management Lifecycle that
produces scan results containing vulnerability findings?
(A) Report
(B) Discover
(C) Remediate
(D) Assess – Correct answer (D) Assess
Which of the following is the default tracking method used by Qualys Cloud Agents?
(A) IP Address
(B) Qualys Host ID
(C) DNS Name
(D) NetBIOS Name – Correct answer (B) Qualys Host ID
Which of the following are phases of the Vulnerability Management Lifecycle?
(A) Maintenance
(B) Remediate
(C) Design
(D) Discover
(E) Report – Correct answer (B) Remediate
(D) Discover
(E) Report
Name the type of scanner appliance (by default) available to all Qualys users with
“scanning” privileges?
(A) External (Internet-based) Scanner
(B) Offline Scanner
(C) Virtual Scanner
(D) Internal Scanner – Correct answer (A) External (Internet-based) Scanner
Only the user role can edit QIDs in your account KnowledgeBase.
(A) Manager
(B) Administrator
(C) Scanner
(D) Unit Manager – Correct answer (A) Manager
Potential vulnerabilities are automatically verified. (True/ False)
(A) True
(B) False – Correct answer (B) False
A severity ___ vulnerability is the most urgent.
(A) Level 5
(B) Level 1
(C) Level 2
(D) Level 4 – Correct answer (A) Level 5
Which of the following criteria can be used to create a dynamic Search List? (Select
Three).
(A) Host Name
(B) Severity Level
(C) IP Address
(D) CVE ID
(E) CVSS Score – Correct answer (B) Severity Level
(D) CVE ID
(E) CVSS Score
What is the name given to a custom list of QIDs taken from the Qualys
KnowledgeBase?
(A) Search List
(B) Host Assets
(C) Asset Group
(D) Authentication Record – Correct answer (A) Search List
You have just created a Search List. Where can you use or apply it? (Select Three)
(A) Report Template
(B) Remediation Policy
(C) Asset Group
(D) Business Unit
Qualys Reporting Strategies and Best Practices Exam with
100% Correct Answers 2023
1) In the patch report template, which evaluation provides the most accurate patches that need to be
installed?
(A) Superseded patch evaluation
(B) Latest patch evaluation
(C) QID based patch evaluation
(D) Classic patch evaluation – Correct answer (A) Superseded patch evaluation
2) Which scorecard report type allows you to identify hosts that are missing required patches and
software?*
(A) Patch report
(B) Vulnerability scorecard report
(C) Missing software report
(D) Asset Search Report – Correct answer (A) Patch report
3) Which of the following scenarios can lead to gaps in the patch tree structure and break the patch
supersedence logic? Select all that apply.
(A) Scan report with vulnerability search list or Threat Protection RTI filter
(B) Cloud Agent data collection followed by an authenticated scan
(C) Scan job with a custom vulnerability filter
(D) Unauthenticated scan
(E) Cloud Agent scan – Correct answer (A) Scan report with vulnerability search list or Threat Protection RTI filter
(C) Scan job with a custom vulnerability filter
5) Identify the vulnerability types excluded by default in the VM/VMDR Dashboard. Select all that apply.*
(A) Fixed vulnerabilities
(B) Disabled or Ignored vulnerabilities
(C) Vulnerabilities without exploits
(D) Low severity vulnerabilities
(E) Vulnerabilities without patches – Correct answer (A) Fixed vulnerabilities
(B) Disabled or Ignored vulnerabilities
7) The __ vulnerability type is enabled by default in a new report template.
(A) Confirmed
(B) Potential
(C) Patched
(D) Information Gathered – Correct answer (B) Potential
8) Stale asset and vulnerability data can affect your security risk and business risk calculations. ***
(A) False
(B) True – Correct answer (B) True
9) Adding non-Qualys user’s email in the distribution group helps you distribute the scheduled report
to such users. ***
(A) True
(B) False – Correct answer (A) True
10) When using host-based findings, which of these needs to be turned on to toggle the inclusion of
Fixed vulnerabilities in the report?*
(A) Trending
(B)
(C)
(D) – Correct answer (A) Trending
14) Which finding type allows you to include trending data in your reports?*
(A) Scanner based findings
(B) Scan-based finding
(C) Cloud Agent-based findings
(D) Host-based findings – Correct answer (D) Host-based findings
15) Threat Protection RTIs are used in the ___________ in VMDR to identify the potential impact of
discovered vulnerabilities, as well as vulnerabilities that have known or existing threats.*
(A) Prioritization report
(B) Remediation report
(C) Scorecard report
(D) Patch report – Correct answer (A) Prioritization report
16) Identify the factor from the following that does not affect the report generation process.*
(A) Number of detections
(B) Trending period
(C) Number of assets
(D) Number of graphics – Correct answer (D) Number of graphics
17) Dashboard trend graphs are not meant to be an audit-ready method of tracking data over time as
widget changes can wipe out previous trend data.*
(A) True
(B) False – Correct answer (A) True
18) When building a dashboard widget mapped to a scan report template, it’s important to note that
the __ option is not supported in VM/VMDR dashboard.*
Qualys Vulnerability Management v1 with 100% Correct
Answers 2023
Which of the following are benefits of scanning in authenticated mode? (choose 2) – ✓✓✓
- More vulnerabilities are detected
- Time saved from manually investigating potential vulnerabilities
Which of the following are valid options for scanning targets? (choose 3) – ✓✓✓
- Asset Groups
- IP addressing
- Asset Tags
What type of scanner appliance (already provisioned within the Qualys Cloud Platform) is ideal for
scanning public facing assets? – ✓✓✓External Scanner
Which of the following is NOT a component of a vulnerability scan? – ✓✓✓Host Discovery
Which of the following will have the greatest impact on a half red, half yellow QID? – ✓✓✓Authentication
What is the maximum number of TCP ports that can participate in the Host Discovery process? – ✓✓✓20
Which of the following items are used to calculate the Business Risk score for a particular asset group?
(choose 2) – ✓✓✓Business Impact
Security Risk
In order to successfully perform an authenticated (trusted) scan, you must create a(n): –
✓✓✓Authentication record
Multiple Remediation Policies are evaluated: – ✓✓✓from top to bottom
A search list contains a list of . – ✓✓✓QIDs
Dynamic Asset Tags are updated every time you. – ✓✓✓Run a scan
As a Manager in Qualys, which activities can be scheduled? – ✓✓✓Asset Searches
Updates to the KnowledgeBase
Maps
Reports
Vulnerability Management Detection and Response
(VMDR) LATEST EXAM 2023/2024
What are the features of the Patch Management (PM) application – Correct answer
What are the steps for Patch Management as a response to vulnerability findings – Correct
answer
What is asset management? – Correct answer Step 1 in the VMDR lifecycle
What is vulnerability management? – Correct answer Step 2 in the VMDR lifecycle
What is threat detection and prioritization? – Correct answer Step 3 in the VMDR lifecycle
What is response (patch deployment?) – Correct answer Step 4 in the VMDR lifecycle
What should you ask your business, IT, and security managers regarding cyber hygiene? –
Correct answer
- Do we know what assets we have and what is connected to our systems and networks?
- Do we know what’s running (or trying to run) on our systems and networks?
- Are we limiting and managing the number of people with administrative privileges to change,
bypass, or override the security settings on our systems and networks?
- Do we have in place continuous processes backed by security technologies that would allow
us to prevent most breaches, rapidly detect all that do succeed, and minimize damage to our
business and our customers?
- Can we demonstrate that we have an effective monitoring strategy in place to our Board, our
shareholders, and customers today?
What are the major steps to take in “Inventory and Control Enterprise Assets?” – Correct answer
- Establish and Maintain Detailed Enterprise Asset Inventory
- Address Unauthorized Assets
What are the major steps to take in “Inventory and Control Software Assets?” – Correct answer
- Establish and Maintain a Software Inventory
- Ensure Authorized Software Is Currently Supported
- Address Unauthorized Software
What are the major steps to take in “Protect Data?” – Correct answer
- Establish and Maintain a Data Management Process
- Establish and Maintain a Data Inventory
- Configure Data Access Control Lists
- Enforce Data Retention
- Securely Dispose of Data
- Encrypt Data on End-User Devices
What should be addressed during Establish and Maintain a Data Management Process? –
Correct answer
- What type of data does the university process or store?
- Where is the data processed or stored?
- Who has access to each type of data?
What is CIA? – Correct answer Confidentiality, Integrity, and Availability
What are the steps for secure configuration and baseline image? – Correct answer
- Determine the risk classification of the data handled or stored on the asset.
- Create a security configuration script that sets system security settings to meet the
requirements to protect the data used on the asset.
- Install the base operating system software.
- Apply appropriate operating system and security patches.
- Install appropriate application software packages, tools, and utilities.
- Apply appropriate updates to operating systems.
- Install local customization scripts to this image.
- Run the security script created earlier to set the appropriate security level.
- Run a Security Content Automation Protocol (SCAP) compliant tool to record and score the
system setting of the baseline image.
- Perform a security quality assurance test.
- Save this base image in a secure location.
What are the Safeguards? – Correct answer
- Establish and Maintain a Secure Configuration Process
- Establish and Maintain a Secure Configuration Process for Network Infrastructure
- Configure Automatic Session Locking on Enterprise Assets
- Implement and Manage a Firewall on Servers
- Implement and Manage a Firewall on End-User Devices
- Securely Manage Enterprise Assets and Software
- Manage Default Accounts on Enterprise Assets and Software
What are Remote Scanners? – Correct answer internet-facing and ideal for scanning internet-facing assets around the globe.
What are Local Scanners? – Correct answer deployed on local area networks and commonly
scan assets within reserved or private IP address ranges. Can be physical or virtual.
What are Qualys Cloud Agents? – Correct answer run as a local process on the host they
protect.
What are Qualys Passive Sensors? – Correct answer Works with TAPs and Switches
throughout your network, passive sensors operate by sniffing network traffic sent to the Qualys