Qualys Reporting Strategies and Best Practices (Exam) 42 Questions with Verified Answers ,100% CORRECT

Document Content and Description Below

Qualys Reporting Strategies and Best Practices (Exam) 42 Questions with Verified Answers In the patch report template, which evaluation provides the most accurate patches that need to be installed... ? (A) Superseded patch evaluation (B) Latest patch evaluation (C) QID based patch evaluation (D) Classic patch evaluation - CORRECT ANSWER (A) Superseded patch evaluation Which scorecard report type allows you to identify hosts that are missing required patches and software?*** (A) Patch report (B) Vulnerability scorecard report (C) Missing software report (D) Asset Search Report - CORRECT ANSWER (A) Patch report Which of the following scenarios can lead to gaps in the patch tree structure and break the patch supersedence logic? Select all that apply. (A) Scan report with vulnerability search list or Threat Protection RTI filter (B) Cloud Agent data collection followed by an authenticated scan (C) Scan job with a custom vulnerability filter (D) Unauthenticated scan (E) Cloud Agent scan - CORRECT ANSWER (A) Scan report with vulnerability search list or Threat Protection RTI filter (C) Scan job with a custom vulnerability filter Identify the vulnerability types excluded by default in the VM/VMDR Dashboard. Select all that apply.*** (A) Fixed vulnerabilities (B) Disabled or Ignored vulnerabilities (C) Vulnerabilities without exploits (D) Low severity vulnerabilities (E) Vulnerabilities without patches - CORRECT ANSWER (A) Fixed vulnerabilities (B) Disabled or Ignored vulnerabilities The ____________ vulnerability type is enabled by default in a new report template. (A) Confirmed (B) Potential (C) Patched (D) Information Gathered - CORRECT ANSWER (B) Potential Stale asset and vulnerability data can affect your security risk and business risk calculations. *** (A) False (B) True - CORRECT ANSWER (B) True Adding non-Qualys user's email in the distribution group helps you distribute the scheduled report to such users. *** (A) True (B) False - CORRECT ANSWER (A) True When using host-based findings, which of these needs to be turned on to toggle the inclusion of Fixed vulnerabilities in the report?*** (A) Trending (B) (C) (D) - CORRECT ANSWER (A) Trending Which finding type allows you to include trending data in your reports?*** (A) Scanner based findings (B) San-based finding (C) Cloud Agent-based findings (D) Host-based findings - CORRECT ANSWER (D) Host-based findings Threat Protection RTIs are used in the___________ in VMDR to identify the potential impact of discovered vulnerabilities, as well as vulnerabilities that have known or existing threats. *** (A) Prioritization report (B) Remediation report (C) Scorecard report (D) Patch report - CORRECT ANSWER (A) Prioritization report Identify the factor from the following that does not affect the report generation process.*** (A) Number of detections (B) Trending period (C) Number of assets (D) Number of graphics - CORRECT ANSWER (D) Number of graphics Dashboard trend graphs are not meant to be an audit-ready method of tracking data over time as widget changes can wipe of previous trend data.*** (A) True (B) False - CORRECT ANSWER (A) True When building a dashboard widget mapped to a scan report template, it's important to note that the ________ option is not supported in VM/VMDR dashboard.*** (A) Exclude QIDs not exploitable due to configuration (B) Exclude non-running kernel (C) Exclude superseded patches (D) Exclude non-running services - CORRECT ANSWER C) Exclude superseded patches Which of the following locations allows you to manually ignore vulnerabilities on specific assets? Select all that apply.*** (A) Patch Report (B) Host scan report generated in HTML format (C) VMDR Prioritization report (D) Asset Search results (E) Search query results - CORRECT ANSWER (B) Host scan report generated in HTML format (D) Asset Search results Which of the following criteria can be used when building a custom vulnerability ranking scheme to align with your corporate policies and standards? Select all that apply.*** (A) Vulnerability Severity (B) Threat exposure (C) CVSS Temporal Score (D) CVSS Base score (E) CVSS Environment Score - CORRECT ANSWER (A) Vulnerability Severity (C) CVSS Temporal Score (D) CVSS Base score Which of the following factors must be considered when prioritizing vulnerability remediation in your environment? Select all that apply. (A) Platform type (B) Asset context (C) Business context (D) Threat exposure (E) Vulnerability Severity - CORRECT ANSWER (B) Asset context (D) Threat exposure (E) Vulnerability Severity Which of the following are applicable to the Unified Dashboard? (A) Includes a template library for ready-to-use widgets and dashboards (B) Replaces all other application dashboards (C) Brings data from multiple Qualys applications in one place for visualization (D) Supports multi-column group-by, summary count cards, multi-bar, and other visualization types (E) Supports scheduling of dashboard reports - CORRECT ANSWER (C) Brings data from multiple Qualys applications in one place for visualization (D) Supports multi-column group-by, summary count cards, multi-bar, and other visualization types Which of these is a recommended practice to remove stale data from your subscription to ensure more accurate reports? (A) Enable trending (B) Report Frequently (C) Use host-based reports (D) Purging - CORRECT ANSWER (D) Purging What happens when you purge an asset in your Qualys account? (A) Asset's scan-based findings are deleted (B) The asset is removed from asset groups (C) The asset is removed from your Qualys account (D) Asset's host-based findings are deleted - CORRECT ANSWER (D) Asset's host-based findings are deleted The _________ setting in the option profile automatically closes any open vulnerabilities on ports that are no longer targeted in your scan job. (A) Close Vulnerabilities on target ports (B) Purge old host data when OS is changed (C) Authoritative option for light scans (D) Close Vulnerabilities on Dead Hosts - CORRECT ANSWER (C) Authoritative option for light scans Which of the following apply when searching for vulnerability information in the VM/VMDR application? (A) Search results can be viewed in the form of assets or vulnerabilities (B) Search results can be filtered to show fixed, disabled, and ignored vulnerabilities (C) Search results can be filtered based on patch supersedence (D) Search results can be exported into a CVS file (E) Supports use of asset and/or vulnerability search queries - CORRECT ANSWER (A) Search results can be viewed in the form of assets or vulnerabilities (B) Search results can be filtered to show fixed, disabled, and ignored vulnerabilities (E) Supports use of asset and/or vulnerability search queries Scan-based findings include the status of each vulnerability - new, active, fixed, and reopened.*** (A) True (B) False - CORRECT ANSWER (B) False Which of the following apply when using QQL queries for searching data? Select all that apply. (A) Download search results into PDF, XML, MHT and HTML file formats (B) Download search results into a CSV file (C) Schedule the QQL query to run and export data daily, weekly, or monthly (D) Save the query for future use (E) Create a report template from the query - CORRECT ANSWER (B) Download search results into a CSV file (D) Save the query for future use By adding a user to the Report Template, he/she will get access to all reports generated using the template, even if access to the hosts is not provided. (A) False (B) True - CORRECT ANSWER (B) True Which of these authentication statuses will be returned if an authentication record exists for the host, but authentication is not enabled in the Option Profile? (A) Port not open (B) Not Attempted (C) Failed (D) Passed with insufficient privileges - CORRECT ANSWER (B) Not Attempted When a host was first scanned, QID 100 was detected on the host. On the second scan, the host was found to be dead. What will be the vulnerability status of QID 100 on the latest report? (A) Reopened (B) New (C) Fixed (D) Active - CORRECT ANSWER (B) New The Discovery method for QID 100 is authenticated. On the first successful authenticated scan, a host was found to be vulnerable to QID 100. On the second scan, authentication failed, and QID 100 could not be detected. What will be the vulnerability status of QID 100 on the latest report? (A) Active (B) Reopened (C) New (D) Fixed - CORRECT ANSWER (C) New Which of these reporting options can help you quickly identify how many assets have port 25 open? Select all that apply. (A) APIs (B) Queries (C) Detailed scan reports (D) Dashboards (E) Qualys Application for Splunk - CORRECT ANSWER (B) Queries (C) Detailed scan reports Which of the following settings, when enabled for the Qualys account, allow for scan findings generated by the scanner appliance and the Cloud Agent to be merged? Select all that apply. (A) Merge data by scan method (B) Enable Common view (C) Merge data for single unified view (D) Enable Merged niew (E) Enable smart merging - CORRECT ANSWER (A) Merge data by scan method (C) Merge data for single unified view (E) Enable Smart merging QID 100 is flagged when a host has TCP port 7000 open. On the first scan, a host was found to be vulnerable to QID 100. On the second scan, TCP port 7000 was not included. What will be the vulnerability status of QID 100 on the latest report? (A) New (B) Fixed (C) Active (D) Reopened - CORRECT ANSWER (A) New Which of the following patch severity display options are available in a patch report template? Select all that apply. (Choose all that apply) (A) Patch Severity (B) Assigned Severity (C) Lowest Severity (D) Vendor Severity (E) Highest Severity - CORRECT ANSWER (A) Patch Severity (B) Assigned Severity (E) Highest Severity Patch supersedence requires host-based findings to be enabled in the report template. (A) False (B) True - CORRECT ANSWER (A) False For reports distributed via a link in email, it is possible to restrict the number of times the report can be downloaded. (A) False (B) True - CORRECT ANSWER (A) False By default, how are reports sorted? (A) By host (B) By vulnerability (C) By operating system (D) By asset group - CORRECT ANSWER (D) By asset group ______________Includes a specific set of QIDs to customize scanning or reporting. *** (A) RTI (B) Dynamic Search List (C) Static Search Lists (D) Asset Tags - CORRECT ANSWER (C) Static Search Lists Which factors create stale data and negatively impact security risk calculations, remediation performance, and vulnerability tickets? Select all that apply. (Choose all that apply) (A) Change in host IP address or hostname (B) Change in authentication settings or target ports in the option profile (C) Operating system upgrade on a host (e.g. Windows 2008 to Windows 2012) (D) Change in host operating system (e.g., Windows to Linux) (E) Authentication failures - CORRECT ANSWER (A) Change in host IP address or hostname (E) Authentication failures Which of these options in the report template can limit the data to a specific time frame? *** (A) Display Options (B) Search List (C) Trending (D) Vulnerability Status Filters - CORRECT ANSWER (C) Trending When planning VMDR reports, which of the following must be taken into account? Select all that apply. (A) Severity (B) Levels of the organization (C) CVSS score (D) Team structure (E) Network segments - CORRECT ANSWER (B) Levels of the organization (D) Team structure (E) Network segments Merging scan data and Cloud Agent data for a single unified view in the report is unsupported when performing unauthenticated scans. (A) False (B) True - CORRECT ANSWER (A) False Which of the following apply when using search queries in the VM/VMDR application? Select all that apply. (A) Search results display information gathering QIDs by default (B) Use of range queries is not recommended (C) You can use asset-specific queries in the Vulnerability search area and vice-versa (D) Avoid using the NOT clause for vulnerability search (E) Avoid using the NOT clause for asset search - CORRECT ANSWER (B) Use of range queries is not recommended (D) Avoid using the NOT clause for vulnerability search Host-based findings are affected by the change in the authentication status of the host. (A) True (B) False - CORRECT ANSWER (A) True Which of the following recommendations should be considered when your host-based scan report takes too long to generate or frequently errors out? Select all that apply. (A) Fine-tune vulnerability filter and display options (B) Run a separate report for Fixed vulnerabilities (C) Avoid using graphics (D) Decrease the report trend duration to 90 days or lower (E) Avoid using the "All" Asset Group - CORRECT ANSWER (A) Fine-tune vulnerability filter and display options (D) Decrease the report trend duration to 90 days or lower (E) Avoid using the "All" Asset Group [Show More]

Last updated: 10 months ago

Preview 1 out of 12 pages