Qualys Training Exams.

2. Which of the following sensors are presently used by Qualys VM to

collect the data needed to perform host vulnerability assessments?
(choose 2)
3. Choose all that apply:

4. Cloud Agent

5. Scanner Appliance

6. Passive Sensor

7. Cloud Connector
8. SubmitCancel

While it is highly recommended, which of the following is NOT required to launch a

vulnerability scan?
Choose an answer:
Target Hosts
Option Profile
Authentication Record

Scanner Appliance
Which of the following best describes a “Dynamic” Search List?
Choose an answer:
Manually updated – Static List
Updates can be scheduled regularly
Automatically updated

Updated only upon user request

Select the option below that contains the correct order or sequence of events.
Choose an answer:
1) Add host to subscription, 2) Use host as report source, 3) Scan host
1) Use host as report source, 2) Add host to subscription, 3) Scan host
1) Add host to subscription, 2) Scan host, 3) Use host as report source

1) Scan host, 2) Add host to subscription, 3) Use host as report source

Which of the following are components of a Business Unit? (choose 2)
Choose all that apply:
Search Lists
 Asset Groups
Policies
Users

Option Profiles
What is the name given to a custom list of QIDs taken from the Qualys KnowledgeBase?
Choose an answer:
Search List
Asset Group
Authentication Record

Host Assets
To enumerate installed software applications on targeted hosts, scans should be
performed in __________ mode.
Choose an answer:
Unauthenticated
Authenticated
Authoratative

Verbose
Which of the following modules are regular components of the vulnerability scanning
process? (choose 3)
Choose all that apply:
OS Detection
Port Scanning
Host Discovery
Packet Sniffing

VLAN Tagging
To produce a "trend" report that covers the last twelve months of vulnerability activity,
you should select ______ Based Findings in the Scan Report Template.
Choose all that apply:
Scan
Client
Host

Server
You have just created a KnowledgeBase Search List. Where can you use or
apply it? (choose 3)
Choose all that apply:
 In a Remediation Policy
In an Asset Group
In an Option Profile
In a Report Template
In a Business Unit

In an Asset Tag
SubmitCancel
Agent data (data collected by a Qualys Agent) is stored as ______ Based Findings.
Choose an answer:
Host
Scan
Client

Server
What phase or step of the Qualys Vulnerability Management Lifecycle, produces scan
results containing vulnerability findings?
Choose an answer:
Report
Discover
Remediate

Assess
One of your colleagues would like to build a report to display vulnerability findings over
the last three months (including trending information)? What do you recommend?
Choose an answer:
Build a scan template with the "All" Asset Group as its target.
Build a scan template that uses Host Based Findings.
Build a scan template that sorts findings by Asset Group

Build a scan template that uses Scan Based Findings

What type of scanner appliance (by default) is available to all Qualys users with
"scanning" privileges?
Choose an answer:
Offline Scanner
Virtual Scanner
External (Internet-based) Scanner

Internal Scanner
Why is it beneficial to configure the Business Impact of an Asset Group?
Choose an answer:
It's used to calculate storage space
It's used to calculate Severity Levels.
It's used to calculate CVSS Scores.

It's used to calculate Business Risk

Which of the following is NOT a valid target for launching a scan?
Choose an answer:
Search List
Asset Tag
IP Address

Asset Group
To achieve the most accurate OS detection results, scans should be performed in
__________ mode.
Choose an answer:
Verbose
Unauthenticated
Authoratative

Authenticated
Which of the following are required, to perform an “authenticated” scan that only
targets “severity 5” vulnerabilities? (choose all that apply)
Choose all that apply:
Scanner appliance
Target Hosts
Authentication Record
Search List (severity 5 QIDs)

Option Profile

Which of the following does not accurately describe a behavior or characteristic of a

Remediation Policy?
Choose an answer:
A Remediation policy at the bottom of the list has precedence over the policies above it.
A Remediation policy can be configured to assign detected vulnerabilities to Qualys users.
A Remediation policy can be configured to ignore certain vulnerability QIDs.

Remediation policies contain conditions and actions.

What does it mean when a “blue key” icon is associated with a QID in the Qualys
KnowledgeBase?
Choose an answer:
The QID has a known exploit
A patch is available for the QID
The QID has been edited

Authentication is required for successful QID testing

Which of the following tasks can be accomplished using "Asset Search" within the
Vulnerability Management application? (choose 3)
Choose all that apply:
Build a Search List
Produce a list of host assets
Create an Asset Tag

Edit a list of host assets

By default, the first user added to a new Business Unit becomes a ____________ for that unit.
Choose an answer:
Auditor
Administrator
Reader
Scanner

Unit Manager
To produce a vulnerability report containing the results from a specific and distinct scan,
you should select ______ Based Findings in the Scan Report Template.
Choose an answer:
Scan
Client
Server

Host
One of your "Scanner" users would like to perform a comprehensive scan (occasionally)
that targets the maximum number of service ports. Which port scanning option do you
recommend?
Choose an answer:
None
Standard Scan
Light Scan
 Full
What is the default number of “Host Discovery” TCP ports?
Choose an answer:
13
1900
180

20
Which of the following is the default tracking method used by Qualys Cloud Agents?
Choose an answer:
Qualys Host ID
IP Address
NetBIOS Name

DNS Name
Which module does a Qualys Scanner Appliance load to determine the LIVE/DEAD status
of targeted hosts?
Choose an answer:
OS Detection
Service Detection
Port Scanning

Host Discovery
Which of the following criteria can be used to create a dynamic Search List? (choose 3).
Choose all that apply:
IP Address
Host Name
CVE ID
CVSS Score

Severity Level
What color code is used in the Qualys KnowledgeBase to identify QIDs that exhibit
predictable (but different) results in the presence or absence of authentication?
Choose an answer:
Blue
Yellow
Half-Red/Half-Yellow

Red
 Cloud Agent

As a "best practice," associate an Activation Key with an Asset Tag, that uses the
_________________ Rule Engine.
Choose an answer:

IP Address in Range(s)

Open Ports

Asset Name Contains

No Dynamic Rule

Which Cloud Agent status indicates an agent was upgraded to a new version?
Choose an answer:

Agent Downloaded

Provisioned

Manifest Downloaded

Configuration Downloaded

Communication sessions between Cloud Agent and the Qualys Platform must be
initiated by:
Choose an answer:

Either Cloud Agent or the Qualys Platform

Qualys Platform

Neither Cloud Agent nor the Qualys Platform

Cloud Agent

Which of the following Configuration Profile settings will allow you to upgrade agents,
using a third-party software management and distribution tool?
Choose an answer:

Prevent auto updating of the agent binaries

Enable PM module for this profile

 Enable Agent Scan Merge for this profile

Suspend data collection for VM, PC and Inventory for all agents using this profile

Each activated Qualys application module provides a(n) __________ to deployed agents,
identifying tasks to be performed and data to be collected.
Choose an answer:

Manifest

Asset Tag

Activation Key

Configuration Profile

In the case of a duplicate UUID, the platform will:

Choose an answer:

Purge the agent

Re-provision the agent to ensure a unique ID

Delete the agent

Download a new Manifest

If you’ve configured the CPU Limit to 20%, for a group of Windows agents, the agents will
use:
Choose an answer:

More than 20% of all cores.

Up to 20% CPU of all cores.

More than 20% of one core.

Up to 20% CPU of one core

Once an activation key is successfully generated it can be used with ________ of the
supported operating systems.
Choose an answer:

two

three
 one

all

Which of the following is NOT a task associated with the Provisioning stage of the Agent
Lifecycle?
Choose an answer:

Agent generates its Qualys Host ID or re-provisions its Qualys Host ID for cloned images.

Agent performs an initial assessment scan

Agent attempts to connect to the Qualys Platform (with valid CustomerID and ActivationID)

Agent is validated by the Qualys platform

Which Configuration Profile setting specifies the frequency an agent “checks in” to the
Qualys Platform, for status updates and new tasks?
Choose an answer:

Upgrade Reattempt Interval

Agent Status Interval

Delta Upload Interval

Payload Threshold Time

Identify the three basic approaches used to deploy Cloud Agents.

Choose all that apply:

Manually install agents at the host command line.

Select the “Install Cloud Agent” option in a scanning Option Profile.

Install Cloud Agent using a third-party software management and distribution tool.

Install Cloud Agent in a “Gold Image” used to instantiate numerous virtual hosts.

Which applications are subsequently covered by Cloud Agent when the VM module is
activated? (choose two)
Choose all that apply:

Continuous Monitoring (CM)

File Integrity Monitoring (FIM)

 Policy Compliance (PC)

Threat Protection (TP)

What is the recommended approach for removing Cloud Agent from its host?
Choose an answer:

Use Asset Search to locate the agent host, and select the "Purge" option from the "Actions"
menu.

Use the "Uninstall Agent" option from the host's "Quick Actions" menu.

Kill the "Cloud Agent" process, and reboot the host.

Manually remove all "Cloud Agent" files and programs.

Which Qualys application module is activated (by default) when an agent is deployed?
Choose an answer:

Policy Compliance (PC)

Security Configuration Assessment (SCA)

Asset Inventory (AI)

Vulnerability Management (VM)

Which query will help you to find agents that have not checked-in within the last 7 days?
Choose an answer:

not lastCheckedIn (7days)

not lastCheckedIn > now-7d

lastCheckedIn (not, 7days)

lastCheckedIn > now-7d

A Cloud Agent Configuration Profile can be used to configure: (choose 3)

Choose all that apply:

Assigned Hosts

Performance

Agent Unit Manager

 Blackout Windows

Extras: FIM, EDR and PM

Which of the following options and/or preferences can be defined inside a Cloud Agent
Activation Key? (choose 3)
Choose all that apply:

Select Agent Unit Manager

Set limits

Select application modules

Assign Asset Tags

Which Qualys application module captures and logs events as they occur?
Choose an answer:

Security Configuration Assessment (SCA)

File Integrity Monitoring (FIM)

Vulnerability Management (VM)

Policy Compliance (PC)

Before any agents can be successfully deployed, you must first:

Choose an answer:

Create an Activation Key

Create the "Cloud Agent" Asset Tag

Create a Configuration Profile

Create the "Cloud Agent" Asset Group

Which of the following can potentially be received by an agent, when it checks in at its
regular Agent Status Interval?
Choose all that apply:

Data Chunk upload

New Manifests
 Uninstallation Command

Updated Configuration Profile

Although Cloud Agent (CA) can be configured to support a proxy server; by default, CA
communicates back to the Qualys Cloud on which port number?
Choose an answer:

443

110

80

22

By default, a Cloud Agent Activation Key is:

Choose an answer:

Unlimited - it allows you to add any number of agents at any time.

Set to expire 12 months from its creation date.

Limited to 1000 host assets.

Limited to 1000 host assets and set to expire 12 months from its creation date.

Which Qualys application modules collect data at regular (user-defined) intervals?

Choose all that apply:

Security Configuration Assessment (SCA)

File Integrity Monitoring (FIM)

Vulnerability Management (VM)

Policy Compliance (PC)

The “Delta Upload Interval” and “Chunk sizes for file fragment uploads” settings (in the
Configuration Profile), are designed to impact the way an agent uses _________________ .
Choose an answer:

Disk Space

Host Memory
 Network Bandwidth

Host CPU

After the agent’s initial snapshot has been uploaded to the Qualys Platform, all
successive uploads will contain _________.
Choose an answer:

Only changes (deltas)

Full hard drive images

Memory dumps

Log file status messages

Which of the following indicators can potentially validate a successful Cloud Agent
installation? (choose 3)
Choose all that apply:

The Qualys Cloud Agent process is running on the host.

The “Installation Successful” message is displayed in the “Command Prompt” or “Terminal”

window.

The host has received a unique Qualys Host ID.

Successful communication status codes are recorded in the agent log file.

Which Cloud Agent status indicates the agent uploaded new host data, and an
assessment of the host was performed within the Qualys Cloud Platform?
Choose an answer:

Manifest Downloaded

Configuration Downloaded

Provisioned

Scan Complete

https://qualysguard.qg2.apps.qualys.com/portal-help/en/ca/agents/agent_status.htm
 Global IT Asset Inventory and Management

Operating systems are categorized in Global IT Asset Inventory with _______ levels of
categorization.
Choose an answer:

Where are unmanaged assets listed in Qualys?

Choose an answer:

Administration Utility

Global IT Asset Inventory

Policy Compliance

AssetView

Once Passive Sensor has discovered an asset, you can see data for that host by
Choose an answer:

Viewing the logs on the host’s agent

Logging into the Passive Sensor

Logging into the Qualys Platform

Building a Policy for the host and then running a report

What are the advantages of the Global Asset Inventory Application? Click all that apply.
(Choose 3)
Choose all that apply:

It enriches your inventory data with lifecycle information

It is a single source of truth for IT teams

It shows you a list of fixed vulnerabilities

 It helps you see your unmanaged devices

When configuring Network Passive sensor settings, you would use the _____ configuration
to define IPs of assets that you WANT to track.
Choose an answer:

External Assets

Excluded Assets

Internal Assets

Unmanaged Assets

After deploying the Passive Sensor and you can log into the Qualys Platform
and view the following performance statistics of each sensor:
Choose all that apply:

Traffic

RAM

CPU

Denial of Service Statistics

SubmitCancel

Which of the following is NOT a life cycle stage on which you can search in your
Operating System inventory?
Choose an answer:

End-of-Life

End-of-Support

General Availability

Obsolete

Which of the following is NOT a life cycle stage on which you can search in your
Operating System inventory?
Choose an answer:

End-of-Life

End-of-Support
 General Availability

Obsolete

What would words could best describe the data populating into Global IT Asset Inventory
from your sensors? (Choose 3)
Choose all that apply:

Incongruent

Structured

Continuous

Complete

In Global IT Asset Inventory, the term “unidentified” means (Choose 2):

Choose all that apply:

Qualys couldn’t fully fingerprint the OS

There is enough information but the data isn’t cataloged in Global AI yet

The asset is not in your subscription

There isn’t enough information gathered to determine the OS/hardware/software

Qualys enhances your software inventory in the platform by telling you when the
software is …. (choose 2)
Choose all that apply:

Using too much CPU

End-of-Support

Using too much memory

End-of-Life

A host is classified as “unmanaged” if it:

Choose an answer:

Isn't Compliant

Isn't being monitored for indications of compromise

Is vulnerable
 Doesn’t match any of the devices that you already know about.

SubmitCancel

Data detected by a Passive Sensor can be merged with an existing asset when it matches
the following (choose 2):
Choose all that apply:

IP address only

IP address & Hostname

Hostname only

IP address & MAC Address

Which sensor allows you to organize and categorize assets that connect to the corporate
network without actively scanning them?
Choose an answer:

Cloud Agent

CMDB Sync

Network Scanner

Passive Sensor

Which sensor actively enumerates vulnerabilities on host systems?

Choose an answer:

Passive Sensor

Cloud Connector

Network Scanner

CMDB Sync

SubmitCancel

Which sensor has the flexibility to provide vulnerability, compliance, and the ability to
patch vulnerabilities?
Choose an answer:

OCA

Passive Sensor
 Cloud Agent

Network Scanner

Which of the following options do you have for creating Asset Tags? (Choose 3)
Choose all that apply:

Most Vulnerable System

Cloud Asset Search

Operating System

Software Installed

Choose the option that is NOT true about Asset Tags.

Choose an answer:

They can be dynamic or static

They need to be manually assigned to assets

They are hierarchical

They are used to refer to assets

Qualys categorizes your software inventory by which of the following license types?
(Choose 2)
Choose all that apply:

Open Source

Extended

Premier

Commercial

What are considered good practices for creating Asset Groups (Choose 3)?
Choose all that apply:

Organize by device type

Use a naming convention

Use IP ranges
 Organize by geographic location

When creating Asset Groups, Qualys recommends creating them with _______
Choose an answer:

Full contiguous IP ranges

MAC Addresses

Hostnames

Individual IP addresses

When creating Asset Groups, Qualys recommends creating them with _______
Choose an answer:

Full contiguous IP ranges

MAC Addresses

Hostnames

Individual IP addresses

Passive sensor can be deployed as a(n):

Choose all that apply:

Virtual appliance

Hardware appliance

Agent

Mobile device

What does Qualys recommend using for running your Vulnerability and Compliance
Scans?
Choose an answer:

Asset Groups

Reports

Plans

Asset Tags
Which sensor works well for inventory of remote users who aren’t connected the
corporate network?
Choose an answer:

Passive Sensor

Cloud Agent

CMDB Sync

Network Scanner

Logical buckets for referring to host assets or domain assets are _________.
Choose an answer:

Hostnames

IP addresses

Asset Tags

Asset Groups

Select the items in this list that are TRUE about Asset Groups (Choose 3).
Choose all that apply:

Asset Groups can be nested by default

An IP address can exist in multiple Asset Groups

Asset Groups are static

Asset Groups should be IP ranges