1.

Which type of Dashboard Widget can be configured to change color, as its tracked data reaches
specific conditions or threshold levels?

Bar Chart Table Count Pie Chart

2. Which of the following frequencies, can be used to schedule a Patch Deployment Job? Select all
that apply.

Weekly Quarterly Annually Daily

3. Which Qualys application module is NOT include in the Default VMDR Activation Key?

Patch Management PCI Compliance

Cybersecurity Asset Management Vulnerability Management

4. Which Qualys application, provides the Real-Time Threat Indicators (RTIs) used in the VMDR
Prioritization Report?

Patch Management Asset Inventory

Threat Protection Vulnerability Management

5. The Qualys CSAM application distinguishes your asset inventory using which of the following
categories? Select all that apply.

Software Hardware

Firmware Operating System

6. Which “Active Threat” category includes attacks that require little skill and do not require
additional information?

Predicted High Risk Easy Exploit

Public Exploit Zero Day

7. Presently, you can add up to _____ patches to a single job.

2000 1250

1750 1500

8. Which Qualys technology provides a patch download cache, to achieve a more efficient
distribution of downloaded patches, to local agent host assets?

Qualys Passive Sensor Qualys Scanner Appliance

Qualys Gateway Server Qualys Connector

9. Using the “Search” field (found in the VULNERABILITIES section of VMDR), which query will
produce a list of “patchable” vulnerabilities?

vulnerabilities.vulnerability.qualysPatchable:TRUE

vulnerabilities.vulnerability.isPatchable:TRUE
 vulnerabilities.vulnerability.qualysPatchable:FALSE

vulnerabilities.vulnerability.isPatchable:FALSE

10. Which of the following queries will display assets with a Relational Database Management
System?

software:(category1:Databases / RDBMS) software:(Databases / RDBMS), software:

11. By default, which of the following factors are used by the VMDR Prioritization Report, to
prioritize vulnerabilities? Select all that apply.

Vulnerability age Real time Threat Indicators

Compliance Posture Attack Surface

12. Which “Active Threat” category includes vulnerabilities that are actively attacked and have no
patch available?

Easy Exploit Malware

Exploit Kit Zero Day

13. Which of the following conventions can be used to include or assign host assets to a job? Select
all that apply.

Business Unit Asset Name

Asset Tag Asset Group

14. Qualys categorizes your software inventory by which of the following license types? Select all
that apply.

Premier Trial

Commercial Open Source

15. You are in the process of inducting new employees on the Global AssetView application. In your
presentation you have to add the features of this application. Which features from the below
mentioned list will you include? Select all that apply.

Categorized and normalized hardware and software information

Ability to define and track unauthorized software

Asset Criticality Score

Discovery and inventory of all IT assets

16. You have been asked to create a “Zero-Touch” patch deployment job. You have already
scheduled this job to run once a week. What additional requirement must be met?

Select patches using Asset Tags Defer patch selection to a later time

Automate patch selection using QQL Select patches manually

Patches Threat Feeds

Vulnerabilities Assets

18. Once you establish your priority option you can generate your Prioritization Report. By default
this report will produce a list of _________ that match your priority options.

Create Dashboard widgets for all the contents of the report

Export the report to dashboard and create a dynamic widget

Schedule a report to run on a regular basis

Run a report every time it is needed

19. After Qualys Cloud Agent has been successfully installed on a target host, which of the following
“Patch Management” setup steps must be completed, before host patch assessments can begin?
Select all that apply.

Assign host to CA Configuration Profile (with PM enabled)

Activate PM module on host

Assign host to a PM Job

Assign host to an enabled PM Assessment Profile

20. You have to prioritize the vulnerabilities by age before you go ahead and generate a
Prioritization Report. When you are prioritizing vulnerabilities by age, you have the options of:
Select all that apply.

Vulnerability Age Detection Age

Priority Age Installation Age

21. In CSAM, the term “unidentified” means: Select all that apply.

There isn’t enough information gathered to determine the OS/hardware/software

Qualys couldn’t fully fingerprint the OS

There is enough information, but the data isn’t catalogued in CSAM yet

Qualys could fully fingerprint the OS but it’s not in your subscription

22. You were unable to search some of your Operating Systems using a lifecycle query. Later, you
found out the reason. The lifecycle stage of the operating system you were searching was:

End of life End of support Obsolete General Availability

23. Which of the following conditions must be met, in order for Qualys Patch Management to
successfully patch a discovered vulnerability? Select all that apply.

The vulnerability should be less than 30 days The vulnerability must be confirmed, The
vulnerability’s host must be running Qualys Cloud Agent The vulnerability must be patchable
24. You have to run a patch job on a regular basis. Which of the following will you follow in order to
make your work efficient? Select all that apply.

Use Asset Tags as targets for patch deployment jobs

Use the dashboard to monitor

Schedule patch job on a monthly basis

Once test deployments are verified

Clone the deployment job and include production asset tags

25. The Threat Feed leverages data from multiple sources. Which of the following sources are used?
Select all that apply.

Other Sources Exploit Sources Malware Sources Qualys Threat and Malware Research Team

26. You have deployed several thousand Qualys Cloud Agents, and now you would like to conserve
network bandwidth by allowing your agents to store and share their downloaded patches (from
a central location). Which Qualys technology is the best fit to solve this challenge?

Qualys Passive Sensor Qualys Gateway Server Qualys Cloud Connector Qualys Scanner Appliance

27. You have to analyse the threat intelligence information provided by Qualys Threat and Malware
Labs. Where will you find this information?

VMDR > Vulnerabilities tab > Asset VMDR > Dashboard tab

VMDR > Prioritization tab > Threat Feed VMDR > Prioritization tab > Reports

28. Your colleague has just completed the following steps to setup your Qualys account for patching:
1. Installed Qualys Cloud Agent on target hosts. 2. Assigned all Agent hosts to a Configuration
Profile with PM configuration enabled. 3. Activated the PM application module for all Agent
hosts. 4. Assigned all hosts to an enabled Assessment Profile. Although Deployment Jobs have
been created and enabled, patches are not getting installed. What step did your colleague miss?

Targeted assets must be configured to consume a patching license

Targeted assets must be labelled with the ""Patchable"" Asset Tag

Targeted assets must be added to the ""Patch Management"" Asset Group

Targeted assets must be added to the Patch Catalogue

29. A pre-deployment message appears at the start of a patch job. You have to create a deployment
job for a Windows user wherein he will receive a notification message to the user indicating that
a reboot is required. What communication option will you select?

Reboot message Reboot Countdown Supress Reboot Reboot Request

30. Your IT team has configured a patch window to run a deployment job within 5 hours. Due to
some reason you were not able to start the patch installation within that window. What status
will they host display?

Not attempted Timed out Retry Failed