Qualys Web Application Scanning
(EXAM) with Complete Questions
and Answers
The Malware Monitoring option should only be enabled for:
(A) Applications with a "malware" tag
(B) Internal facing applications
(C) External facing applications
(D) Both internal and external facing applications - ANSWER-(C) External
facing applications
Where can you "Ignore" a vulnerability for a Web Application? (select two)
(Choose all that apply)
(A) Scorecard Report
(B) Scan Report
,(C) Web Application Report
(D) Detections Tab - ANSWER-(B) Scan Report
(D) Detection Tab
A Search List contains a list of:
(A) Username/Password combinations
(B) QIDs from the Qualys KnowledgeBase
(C) Crawling hints
(D) Common input parameters - ANSWER-(B) QIDs from the QualysBase
When launching a Web Application Scan, you have the option to override
some default settings. Which of the following options can NOT be
overridden?
(A) Option Profile
(B) Crawl Scope
(C) Scanner Appliance
(D) Authentication Record - ANSWER-(D) Authentication Record
, What attack proxies can you integrate with Qualys WAS?
(A) BURP
(B) W3af
(C) ZAP
(D) WebScarab - ANSWER-(A) BURP
How can you get your scan to follow a business workflow (such as a shopping
cart transaction)?
(A) Use a Selenium Script to record and replay the workflow
(B) Use a Custom Authentication Record
(C) Use a Crawl Exclusion List
(D) Use DNS Override - ANSWER-(A) Use a Selenium Script to record and
replay the workflow
Which WAS feature uses a virtual machine farm to detect a potentially
malicious script in a Web application?
(A) Progressive Scanning
(EXAM) with Complete Questions
and Answers
The Malware Monitoring option should only be enabled for:
(A) Applications with a "malware" tag
(B) Internal facing applications
(C) External facing applications
(D) Both internal and external facing applications - ANSWER-(C) External
facing applications
Where can you "Ignore" a vulnerability for a Web Application? (select two)
(Choose all that apply)
(A) Scorecard Report
(B) Scan Report
,(C) Web Application Report
(D) Detections Tab - ANSWER-(B) Scan Report
(D) Detection Tab
A Search List contains a list of:
(A) Username/Password combinations
(B) QIDs from the Qualys KnowledgeBase
(C) Crawling hints
(D) Common input parameters - ANSWER-(B) QIDs from the QualysBase
When launching a Web Application Scan, you have the option to override
some default settings. Which of the following options can NOT be
overridden?
(A) Option Profile
(B) Crawl Scope
(C) Scanner Appliance
(D) Authentication Record - ANSWER-(D) Authentication Record
, What attack proxies can you integrate with Qualys WAS?
(A) BURP
(B) W3af
(C) ZAP
(D) WebScarab - ANSWER-(A) BURP
How can you get your scan to follow a business workflow (such as a shopping
cart transaction)?
(A) Use a Selenium Script to record and replay the workflow
(B) Use a Custom Authentication Record
(C) Use a Crawl Exclusion List
(D) Use DNS Override - ANSWER-(A) Use a Selenium Script to record and
replay the workflow
Which WAS feature uses a virtual machine farm to detect a potentially
malicious script in a Web application?
(A) Progressive Scanning
