VULNERABILITY MANAGEMENT DETECTION AND RESPONSE VMDR ACTUAL EXAM QUESTIONS AND ANSWERS, Exams of Nursing

Typology: Exams

2024/2025

Available from 07/13/2025

ExcelHub


VULNERABILITY MANAGEMENT DETECTION AND RESPONSE VMDR ACTUAL EXAM QUESTIONS AND CORRECT ANSWERS ALREADY GRADED A+ GUARANTEED PASS LATEST VERSION

"Which of these is true?
(A) a patch deployment job can be configured to suppress asset reboot
(B) a patch deployment job cannot suppress asset reboot - CORRECT ANSWER=> (A) a patch deployment job can be configured to suppress asset reboot"

"Which of these is true about patch deployment jobs?
(A) by default, all users can edit a patch deployment job
(B) by default, only the user who created the patch deployment job can edit it - CORRECT ANSWER=> (B) by default, only the user who created the patch deployment job can edit it"

"You want to create a deployment job that includes patches based on criteria. For example - security patches with critical severity. Which patch selection option would you use?
(A) manual patch selection
(B) automatic patch selection - CORRECT ANSWER=> (B) automatic patch selection"

"Which of these is true?
(A) patch deployment jobs cannot be scheduled; they must run on-demand
(B) patch deployment jobs can be scheduled for a future date - CORRECT ANSWER=> (B) patch deployment jobs can be scheduled for a future date"

"Which of these is true about patch deployment jobs?
(A) only some patch jobs can be cloned
(B) all patch jobs can be cloned - CORRECT ANSWER=> (B) all patch jobs can be cloned"

"Which of these can you use to include hosts in a patch deployment job? (Select 2)
(A) Asset groups
(B) Asset Tags
(C) Hostnames
(D) IP addresses - CORRECT ANSWER=> (B) Asset Tags (C) Hostnames"

"The prioritized products report allows you to view the total number of product vulnerabilities (active and fixed) detected in your environment over the last _______________.
(A) Two Weeks
(B) Two Months
(C) Two Days
(D) Two years - CORRECT ANSWER=> (D) Two years"

"Why would you use the "Enable opportunistic patch download" option?
(A) to have the agent download the patch before the scheduled job begins
(B) to have the agent download the patch after the scheduled job begins - CORRECT ANSWER=> (A) to have the agent download the patch before the scheduled job begins"

"Which of these would you use to identify patchable applications that introduce the most number of vulnerabilities in your subscription?
(A) patch catalog
(B) patch report
(C) prioritized products report - CORRECT ANSWER=> (C) prioritized products report"

(A) Correct
(B) Incorrect - CORRECT ANSWER=> (A) Correct"

"Zero Touch Patching helps: (Select two)
(A) To update endpoints and servers proactively as soon as patches are available
(B) Automatically create tickets for missing patches
(C) Automate patch vulnerabilities based on the Real Time Threat Indicators (RTIs)
(D) Runs security scans after every four hours
(E) Automatically export patch information - CORRECT ANSWER=> (A) To update endpoints and servers proactively as soon as patches are available (C) Automate patch vulnerabilities based on the Real Time Threat Indicators (RTIs)"

"Which query will list patches that Qualys can uninstall?
(A) isUninstall: true
(B) isRollback: true
(C) isRollback: false
(D) isUninstall: false - CORRECT ANSWER=> (B) isRollback: true"

"Which of these is true about a zero-touch patch job?
(A) a zero-touch patch job can only be scheduled for a future date
(B) a zero-touch patch job automatically includes required patches using a QQL query
(C) you can manually select patches to include in the zero-touch patch job - CORRECT ANSWER=> (B) a zero-touch patch job automatically includes required patches using a QQL query"

"Which of the following statements about uninstalling patches is true?
(A) Not all patches in the Patch Catalog can be uninstalled.
(B) Uninstallable patches are shown with a key-shaped symbol
(C) All patches in the Patch Catalog can be uninstalled. - CORRECT ANSWER=> (A) Not all patches in the Patch Catalog can be uninstalled."

"Which of these is a reason for using a Patch Management solution?
(A) To monitor logs on the asset
(B) To scan for viruses
(C) To close open ports and services
(D) To address vulnerabilities - CORRECT ANSWER=> (D) To address vulnerabilities"

"Which of these Qualys solutions would you use to address vulnerabilities on your assets?
(A) Vulnerability Management
(B) Patch Management
(C) Endpoint Detection and Response
(D) Policy Compliance - CORRECT ANSWER=> (B) Patch Management"

"Which of these sensors does Qualys use to deploy patches?
(A) Scanner appliances
(B) Cloud connectors
(C) Passive sensor
(D) Cloud agent - CORRECT ANSWER=> (D) Cloud agent"

"Which of these actions is commonly performed after deploying patches?
(A) Asset is decommissioned
(B) Asset is scanned
(C) Asset is rebooted
(D) Asset is reimaged - CORRECT ANSWER=> (C) Asset is rebooted"

"Which of these is a recommended approach to patching assets?
(A) Uninstall old patches and apply new
(B) Do not apply patches unless necessary
(C) Apply patches on a set of test assets, verify that the patches do not cause issues, and patch the remaining assets
(D) Apply patches on all assets right away - CORRECT ANSWER=> (C) Apply patches on a set of test assets, verify that the patches do not cause issues, and patch the remaining assets"

"Qualys Patch Management correlates missing patches with vulnerabilities.
(A) False
(B) True - CORRECT ANSWER=> (B) True"

(A) by default, superseded patches are shown
(B) by default, superseded patches are hidden - CORRECT ANSWER=> (B) by default, superseded patches are hidden"

"Which of these would you use to assign Patch Management licenses to hosts?
(A) hostnames
(B) IP addresses
(C) asset tags
(D) asset groups - CORRECT ANSWER=> (C) asset tags"

"You want to change the default assessment duration for missing patches? Which of the following will you perform?
(A) Create a new activation key
(B) Create and assign a new assessment profile
(C) Redeploy the agent
(D) Create a new configuration profile - CORRECT ANSWER=> (B) Create and assign a new assessment profile"

"What is the default "Cache size" allocated for Patch Management?
(A) 2048 MB
(B) 1024 MB
(C) 512 MB
(D) 256 MB - CORRECT ANSWER=> (A) 2048 MB"

"PM Work Flow - CORRECT ANSWER=>
Step 1: Install Cloud Agent on the target host
Step 2: Assign target agent host to a CA Configuration Profile that has PM enabled
Step 3: Assign PM license to the host
Step 4: Configure patch deployment job"

"CIS Control 1: Inventory and Control of Enterprise Assets - CORRECT ANSWER=> calls for the inventory, tracking, and correction of all enterprise assets. This includes end-user devices, portable & mobile devices, network devices, non-computing/Internet of Things (IoT) devices, and servers. Connected to your infrastructure physically, virtually, remotely, and within cloud environments. Unauthorized and unmanaged assets should be identified and then properly removed or remediated."

"Qualys Passive Sensors - CORRECT ANSWER=> can be deployed as physical or virtual appliances. Working with TAPs and Switches throughout your network, passive sensors operate by sniffing network traffic sent to the Qualys platform for processing. Another essential benefit of Passive Sensor is helping you to identify the unmanaged assets throughout your network architecture."

"Passive Sensors - CORRECT ANSWER=> can be deployed as a physical appliance or a virtual appliance."

"3 different types of Container Sensors: General Sensor - CORRECT ANSWER=> This sensor scans images and containers on a single docker host."

"3 different types of Container Sensors: Registry Sensor - CORRECT ANSWER=> This sensor scans images in public and private Docker registries."

"3 different types of Container Sensors: CI/CD Pipeline Sensor - CORRECT ANSWER=> This sensor, which is also referred to as a "Build" sensor, scans images within your DevOps CI/CD pipeline projects, allowing you to identify and correct vulnerable images during the build process."

"instrumentation - CORRECT ANSWER=> process that provides complete visibility of the application inside the container is used. The instrumentation is very lightweight and provides configurable data collection options with low or no impact on application containers. This process is automated by using an instrumenter service."

"What is asset management? - CORRECT ANSWER=> Step 1 in the VMDR lifecycle"

"What is vulnerability management? - CORRECT ANSWER=> Step 2 in the VMDR lifecycle"

"What is threat detection and prioritization? - CORRECT ANSWER=> Step 3 in the VMDR lifecycle"

"What is response (patch deployment?) - CORRECT ANSWER=> Step 4 in the VMDR lifecycle"

"What should you ask your business, IT, and security managers regarding cyber hygiene? - CORRECT ANSWER=>
  1. Do we know what assets we have and what is connected to our systems and networks?
  2. Do we know what's running (or trying to run) on our systems and networks?
  3. Are we limiting and managing the number of people with administrative privileges to change, bypass, or override the security settings on our systems and networks?

Install local customization scripts to this image.

  1. Run the security script created earlier to set the appropriate security level.
  2. Run a Security Content Automation Protocol (SCAP) compliant tool to record and score the system setting of the baseline image.
  3. Perform a security quality assurance test.
  4. Save this base image in a secure location."

"What are the Safeguards? - CORRECT ANSWER=>
  1. Establish and Maintain a Secure Configuration Process
  2. Establish and Maintain a Secure Configuration Process for Network Infrastructure
  5. Configure Automatic Session Locking on Enterprise Assets
  6. Implement and Manage a Firewall on Servers
  7. Implement and Manage a Firewall on End-User Devices:
  8. Securely Manage Enterprise Assets and Software:
  9. Manage Default Accounts on Enterprise Assets and Software:"

"What are Remote Scanners? - CORRECT ANSWER=> internet-facing and ideal for scanning internet-facing assets around the globe."

"What are Local Scanners? - CORRECT ANSWER=> deployed on local area networks and commonly scan assets within reserved or private IP address ranges. Can be physical or virtual."

"What are Qualys Cloud Agents? - CORRECT ANSWER=> run as a local process on the host they protect."

"What are Qualys Passive Sensors? - CORRECT ANSWER=> Works with TAPs and Switches throughout your network, passive sensors operate by sniffing network traffic sent to the Qualys platform for processing. Another essential benefit of Passive Sensor is helping you to identify the unmanaged assets throughout your network architecture. Can be physical or virtual."

"What are Cloud and SaaS Connectors? - CORRECT ANSWER=> Work with the native services of your cloud and SaaS providers to identify misconfigurations and security blind spots. Cloud Connectors can be created for your AWS, Google Cloud, and Microsoft Azure accounts. SaaS Connectors are available for Microsoft Office 365, Google Workspace, Zoom, and SalesForce."

"What are Qualys Container Sensors? - CORRECT ANSWER=> Downloads as a Docker image and is installed on a Docker host as a container application, right alongside other container applications. Once installed, Container Sensor will assess all new and existing Docker images and containers for vulnerabilities and misconfigurations."

"What are Out-of-Band Sensors? - CORRECT ANSWER=> Help to secure devices on air-gapped networks."

"What are APIs? - CORRECT ANSWER=> "

"What are the 3 different types of container sensors? - CORRECT ANSWER=> General, Registry, and CI/CD Pipeline"

"What is a General Sensor? - CORRECT ANSWER=> scans images and containers on a single docker host."

"What is a Registry Sensor? - CORRECT ANSWER=> This sensor scans images in public and private Docker registries."

"What is a CI/CD Pipeline Sensor? - CORRECT ANSWER=> This sensor, which is also referred to as a "Build" sensor, scans images within your DevOps CI/CD pipeline projects, allowing you to identify and correct vulnerable images during the build process."

"What is a CI/CD Pipeline - CORRECT ANSWER=> A pipeline is a process that drives software development through a path of building, testing, and deploying code, also known as CI/CD. By automating the process, the objective is to minimize human error and maintain a consistent process for how software is released."

"What is Qualys Container Runtime Security (CRS)? - CORRECT ANSWER=> Is instrumented into Docker images and becomes a part (layer) of containerized applications. This is achieved by instrumenting images with Qualys Container Security components, to gather functional and behavioural data about the container's running processes; thereby allowing you to create rules and policies that actively block or prevent unwanted actions or events. As one example, you could build a policy that prohibits access to sensitive system files, such as the 'shadow' or 'passwd' files on a Linux host."

"Which Public Registries does the CRS support? - CORRECT ANSWER=> Docker hub"

  1. Obtain enriched asset data - hardware & software lifecycles, licenses categories, and more
  2. Perform bi-directional synchronization of asset data with your ServiceNow CMDB
  3. Define and manage authorized and unauthorized software in your organization
  4. Customize reporting to meet internal and external needs (e.g. standards compliance reporting)
  5. Create alerts that can be sent via email, Slack, or PagerDuty to inform you about assets requiring attention"

"Hardware Lifecycle Stages: What is General Availability? - CORRECT ANSWER=> hardware is in production, available for purchase, or is supported."

"Hardware Lifecycle Stages: What is End of Sale (EOS)? - CORRECT ANSWER=> means that the hardware is no longer sold by the vendor."

"Hardware Lifecycle Stages: What is Obsolete (OBS) - End-of-Service - CORRECT ANSWER=> means that the hardware is no longer serviced via upgrades, patches, or maintenance."

"For Asset Scanning, what is "Unidentified?" - CORRECT ANSWER=> This value is displayed when not enough data has been discovered or collected by Qualys to determine the asset's hardware or operating system."

"For Asset Scanning, what should you do when an asset is "Unidentified?" - CORRECT ANSWER=> your vulnerability scans should be performed in an 'authenticated' mode. You should also check that network filtering devices allow scan traffic to pass."

"For Asset Scanning, what is "Unknown" - CORRECT ANSWER=> This value appears when there is adequate data available to categorize the asset, but the asset itself is not cataloged."

"For Asset Scanning, what should you do when an asset is "Unknown?" - CORRECT ANSWER=> catalogue the asset"

"What are the sources of Vulnerabilities? Select all that apply.
A. Programming mistakes
B. Bugs
C. Unclosed ports
D. Firewalls
E. Hardware and devices
F. A+B+C+E - CORRECT ANSWER=> F. A+B+C+E"

"The primary objectives of VM are to— Select all that apply.
A. Change a software configuration to make it less susceptible to attack.
B. Enable the effective mitigation and management of security risks.
C. Run security scans and update firewalls.
D. Indicate the most effective workflow for patching and updating your devices to thwart attacks.
E. Increase performance of your network.
F. A+B+D - CORRECT ANSWER=> F. A+B+D"

"Who all are vulnerable to risk?
A. Businesses connected to the internet
B. Government data
C. Individuals accessing internet
D. All the options - CORRECT ANSWER=> D. All the options"

"Attackers target victims by first exploiting ____________ entities.
A. Trusted
B. Vulnerable
C. Virus
D. Non-trusted - CORRECT ANSWER=> A. Trusted"

"Vulnerability Management (VM) means:
A. Systematically and continuously finding and eliminating vulnerabilities in your computer systems.
B. Immunize your computer with the help of an anti-virus.
C. Misguide the hackers by providing incorrect information and avoiding the attacks.
D. Building up additional firewalls to safeguard your organization. - CORRECT ANSWER=> A. Systematically and continuously finding and eliminating vulnerabilities in your computer systems."

"Asset scoping is the process of organizing the computer systems according to their role in a business that establishes an evaluation baseline, this process is also called as ______________________.
A. Inventory discovery

E. Fast implementation
F. A+B+D+E - CORRECT ANSWER=> F. A+B+D+E"

"Shelf life of the vulnerability identified by a consultant is significantly less.
Correct
Incorrect - CORRECT ANSWER=> Correct"

"Which is an ideal option for continuous vulnerability assessment?
Running vulnerabilities assessment software by yourself
Performing application testing
Using a cloud-based solution
Vulnerabilities assessment performed by consultant - CORRECT ANSWER=> Using a cloud-based solution"

"Qualys uses one of _____ severity levels to define severity of a vulnerability.
Two
Five
Seven
Three - CORRECT ANSWER=> Five"

"CM stands for:
Continuous Monitoring
Compliance Management
Criticality Mitigation
Continuous Management - CORRECT ANSWER=> Continuous Monitoring"

"A sound Vulnerability Management solution should be able to: Select all that apply.
A. Automatically scan using a continually updated database of known attacks
B. Run a scan annually
C. Automatically execute the steps of VM in a continuous, ongoing process
D. Enable users to run reports to visualize and prioritize the threats to their organization.
E. Identify both external and internal weaknesses
F. A+C+D+E - CORRECT ANSWER=> F. A+C+D+E"

"___________________ testing executes an attack against found vulnerabilities and gives computer security teams a chance to exercise their defensive and detection capabilities.
Scan
Penetration
Performance
Smoke - CORRECT ANSWER=> Penetration"

"When new vulnerabilities are found the alerts are sent on the basis of:
Severity level of the vulnerability and affected host Region Size of asset Application type Region - CORRECT ANSWER=> Region"

"Qualys CM sends security alerts to first responders in the event of:
A. Changes in an SSL certificate
B. New port opening
C. New software installed
D. Log file generation
E. Server utilization
F. A+B+C - CORRECT ANSWER=> F. A+B+C"

"In addition to assessment and remediation cyber threats also require _______.
Continuous monitoring
Firewall updates
Log file analysis
Feedback monitoring - CORRECT ANSWER=> Continuous monitoring"

"What are the Capabilities of Qualys Continuous Monitoring? Select all that apply.
Scans continuously for mission critical systems and subnetworks.
Provides immediate notification of vulnerabilities and remediation paths to first responders.
Help boost efficiency in scanning and remediation.
All options - CORRECT ANSWER=> All options"

"Best VM practices suggest _______, _______ scanning and _______ to proactively guard against internal and external threats and ensure compliance.
Protective, Continuous, and Defensive
Regular, Continuous, and Remediation
Defensive, Regular, and Continuous