Sei sulla pagina 1di 8

What does the S in the ASLN section of Map Results really mean?

The IP is secure

The IP is currently being scanned

X The IP is in your subscription

The IP has been previously scanned.

Which of the following types of items can be found in the Qualys KnowledgeBase? (choose
all that apply)

X Potential Vulnerabilities

Asset Groups

Remediation Tickets

Configuration data (Information Gathered)

X Confirmed Vulnerabilities

The information contained in a map result can help network administrators to identify
_______________ devices.

Rogue (unapproved)

Exploitable

Vulnerable

X Unpatched

To launch a successful map, you must provide the following information/components.


(choose all that apply)

X Option Profile

Search List

Report Template

X Domain/Netblock

X Scanner Appliance
By default, the first user added to a new Business Unit becomes a ____________ for that unit.

Reader

Auditor

Administrator

X Unit Manager

Scanner

Which of the following is NOT a component of a vulnerability scan?

Host Discovery

OS Detection

Port Scanning

X Business Impact

Which of the following vulnerability scanning options requires the use of a dissolvable agent?

UDP port scanning

Scan Dead Hosts

X Windows Share Enumeration

TCP port scanning

Asset Search can be used to create... (choose all that apply)

Search Lists

Report Templates

X Asset Tags

X Asset Groups

Option Profiles
Multiple Remediation Policies are evaluated:

From bottom to top

In no specific order

Based on the rule creation date

X From top to bottom

Why is it beneficial to set the Business Impact of an Asset Group?

It's used to calculate CVSS Score.

It's used to calculate storage space

X It's used to calculate the Business Risk

It's used to calculate Security Risk

Which asset tagging rule engine, supports the use of regular expressions?

Asset Name Contains

Vuln (QID) Exists

IP Address in Range(s)

X No Dynamic Rule

Asset Groups and Asset Tags can be used to effectively customize or fine tune (choose all that
apply)

X Reports

Search Lists

Remediation Policies

X Vulnerability Scans

What scanning option allows Qualys to get a more accurate reading of the host operating system?

Scan Dead Hosts

Load Balancer Detection


X Authentication

Authoritative Option

To exclude a specific QID/vulnerability from a vulnerability scan you would:

Ignore the vulnerability from within a report.

You cannot exclude QID/Vulnerabilities from vulnerability scans.

X Place the QID in a search list, and exclude that search list from within the Option Profile.

Disable the QID in the Qualys KnowledgeBase.

Which of the following options can be used to run a map? (choose all that apply)

Vulnerability Detection

Basic Information Gathering

X Live Host Sweep

X DNS Reconnaissance

Before you can scan an IP address for vulnerabilities, the IP address must first be added to the

X Host Assets tab

Business Units tab

Domains tab

Search List tab

Which of the following items are used to calculate the Business Risk score for a particular asset
group? (choose all that apply)

X Security Risk

CVE ID

CVSS Base

X Business Impact
What is the 6-step lifecycle of Qualys Vulnerability Management?

Learning, Listening, Permitting, Forwarding, Marking, Queuing

Mapping, Scanning, Reporting, Remediation, Simplification, Authentication

Bandwidth, Delay, Reliability, Loading, MTU, Up Time

X Discover, Organize Assets, Assess, Report, Remediate, Verify

In order to successfully perform an authenticated (trusted) scan, you must create a(n):

Search List

Asset Map

X Authentication Record

Report Template

Which scorecard report provides the option to set a Business Risk Goal?

X Vulnerability Scorecard Report

Ignored Vulnerabilities Report

Most Vulnerable Hosts Report

Most Prevalent Vulnerabilities Report

What is the maximum number of TCP ports that can participate in the Host Discovery process?

X 20

65535

1900

10

What type of Search List adds new QIDs to the list when the Qualys KnowledgeBase is updated?

Passive

X Dynamic
Static

Active

Which of the following will have the greatest impact on a half red, half yellow QID?

Scan Dead Hosts

Share Enumeration

X Authentication

Authoritative Option

Dynamic Asset Tags are updated every time you...

Run a report

X Run a scan

Create a remediation policy

Run a map

In a new Option Profile, which authentication options are enabled by default?

Unix

All

X None

Windows

What does it mean when a pencil icon is associated with a QID in the Qualys KnowledgeBase?

A patch is available for the QID

There is malware associated with the QID

The QID has a known exploit

X The QID has been edited

Which Vulnerability Detail (found in a Scan Template) identifies the data or information collected
and returned by the Qualys Scanner Appliance?

Impact
Compliance

X Results

Solution

Threat

Which of the following components are included in the raw scan results, assuming you do not
apply a Search List to your Option Profile? (choose all that apply)

X Vulnerabilities

X Information Gathered

X Option Profile Settings

X Potential Vulnerabilities

X Host IP

When a host is removed from your subscription, the Host Based Findings for that host are...

Archived

Ranked

Ignored

X Purged

Potrebbero piacerti anche