5
Vulnerability Management Detection and Response (VMDR)
LATEST EXAM QUESTIONS AND ANSWERS HIGHLY
VERIFIED 2023/2024 BEST RATED A+
What are the features of the Patch Management (PM) application - Correct answer
What are the steps for Patch Management as a response to vulnerability findings - Correct
answer
What is asset management? - Correct answer Step 1 in the VMDR lifecycle
What is vulnerability management? - Correct answer Step 2 in the VMDR lifecycle
What is threat detection and prioritization? - Correct answer Step 3 in the VMDR lifecycle
What is response (patch deployment?) - Correct answer Step 4 in the VMDR lifecycle
What should you ask your business, IT, and security managers regarding cyberhygine? -
Correct answer 1. Do we know what assets we have and what is connected to our systems and
networks?
2. Do we know what's running (or trying to run) on our systems and networks?
3. Are we limiting and managing the number of people with administrative privileges to change,
bypass, or override the security settings on our systems and networks?
4. Do we have in place continuous processes backed by security technologies that would allow
us to prevent most breaches, rapidly detect all that do succeed, and minimize damage to our
business and our customers?
5. Can we demonstrate that we have an effective monitoring strategy in place to our Board, our
shareholders, and customers today?
What are the major steps to take in "Inventory and Control Enterprise Assets?" - Correct answer
1. Establish and Maintain Detailed Enterprise Asset Inventory
2. Address Unauthorized Assets
What are the major steps to take in "Inventory and Control Software Assets?" - Correct answer
1. Establish and Maintain a Software Inventory
2. Ensure Authorized Software Is Currently Supported
3. Address Unauthorized Software
What are the major steps to take in "Protect Data?" - Correct answer 1. Establish and Maintain
a Data Management Process
2. Establish and Maintain a Data Inventory
3. Configure Data Access Control Lists
4. Enforce Data Retention
[Type here] [Type here] [Type here]
, 5
5. Securely Dispose of Data
6. Encrypt Data on End-User Devices
What should be addressed during Establish and Maintain a Data Management Process? -
Correct answer 1. What type of data does the university process or store?
2. Where is the data processed or stored?
3. Who has access to each type of data?
What is CIA? - Correct answer Confidentiality, Integrity, and Availability
What are the steps for secure configuration and baseline image? - Correct answer 1. Determine
the risk classification of the data handled or stored on the asset.
2. Create a security configuration script that sets system security settings to meet the
requirements to protect the data used on the asset.
3. Install the base operating system software.
4. Apply appropriate operating system and security patches.
5. Install appropriate application software packages, tools, and utilities.
6. Apply appropriate updates to operating systems.
Install local customization scripts to this image.
7. Run the security script created earlier to set the appropriate security level.
8. Run a Security Content Automation Protocol (SCAP) compliant tool to record and score the
system setting of the baseline image.
9. Perform a security quality assurance test.
10. Save this base image in a secure location.
What are the Safeguards? - Correct answer 1. Establish and Maintain a Secure Configuration
Process
2.Establish and Maintain a Secure Configuration Process for Network Infrastructure
3. Configure Automatic Session Locking on Enterprise Assets
4. Implement and Manage a Firewall on Servers
5. Implement and Manage a Firewall on End-User Devices:
6. Securely Manage Enterprise Assets and Software:
7. Manage Default Accounts on Enterprise Assets and Software:
What are Remote Scanners? - Correct answer internet-facing and ideal for scanning internet-
facing assets around the globe.
What are Local Scanners? - Correct answer deployed on local area networks and commonly
scan assets within reserved or private IP address ranges. Can be physical or virtual.
What are Qualys Cloud Agents? - Correct answer run as a local process on the host they
protect.
[Type here] [Type here] [Type here]
Vulnerability Management Detection and Response (VMDR)
LATEST EXAM QUESTIONS AND ANSWERS HIGHLY
VERIFIED 2023/2024 BEST RATED A+
What are the features of the Patch Management (PM) application - Correct answer
What are the steps for Patch Management as a response to vulnerability findings - Correct
answer
What is asset management? - Correct answer Step 1 in the VMDR lifecycle
What is vulnerability management? - Correct answer Step 2 in the VMDR lifecycle
What is threat detection and prioritization? - Correct answer Step 3 in the VMDR lifecycle
What is response (patch deployment?) - Correct answer Step 4 in the VMDR lifecycle
What should you ask your business, IT, and security managers regarding cyberhygine? -
Correct answer 1. Do we know what assets we have and what is connected to our systems and
networks?
2. Do we know what's running (or trying to run) on our systems and networks?
3. Are we limiting and managing the number of people with administrative privileges to change,
bypass, or override the security settings on our systems and networks?
4. Do we have in place continuous processes backed by security technologies that would allow
us to prevent most breaches, rapidly detect all that do succeed, and minimize damage to our
business and our customers?
5. Can we demonstrate that we have an effective monitoring strategy in place to our Board, our
shareholders, and customers today?
What are the major steps to take in "Inventory and Control Enterprise Assets?" - Correct answer
1. Establish and Maintain Detailed Enterprise Asset Inventory
2. Address Unauthorized Assets
What are the major steps to take in "Inventory and Control Software Assets?" - Correct answer
1. Establish and Maintain a Software Inventory
2. Ensure Authorized Software Is Currently Supported
3. Address Unauthorized Software
What are the major steps to take in "Protect Data?" - Correct answer 1. Establish and Maintain
a Data Management Process
2. Establish and Maintain a Data Inventory
3. Configure Data Access Control Lists
4. Enforce Data Retention
[Type here] [Type here] [Type here]
, 5
5. Securely Dispose of Data
6. Encrypt Data on End-User Devices
What should be addressed during Establish and Maintain a Data Management Process? -
Correct answer 1. What type of data does the university process or store?
2. Where is the data processed or stored?
3. Who has access to each type of data?
What is CIA? - Correct answer Confidentiality, Integrity, and Availability
What are the steps for secure configuration and baseline image? - Correct answer 1. Determine
the risk classification of the data handled or stored on the asset.
2. Create a security configuration script that sets system security settings to meet the
requirements to protect the data used on the asset.
3. Install the base operating system software.
4. Apply appropriate operating system and security patches.
5. Install appropriate application software packages, tools, and utilities.
6. Apply appropriate updates to operating systems.
Install local customization scripts to this image.
7. Run the security script created earlier to set the appropriate security level.
8. Run a Security Content Automation Protocol (SCAP) compliant tool to record and score the
system setting of the baseline image.
9. Perform a security quality assurance test.
10. Save this base image in a secure location.
What are the Safeguards? - Correct answer 1. Establish and Maintain a Secure Configuration
Process
2.Establish and Maintain a Secure Configuration Process for Network Infrastructure
3. Configure Automatic Session Locking on Enterprise Assets
4. Implement and Manage a Firewall on Servers
5. Implement and Manage a Firewall on End-User Devices:
6. Securely Manage Enterprise Assets and Software:
7. Manage Default Accounts on Enterprise Assets and Software:
What are Remote Scanners? - Correct answer internet-facing and ideal for scanning internet-
facing assets around the globe.
What are Local Scanners? - Correct answer deployed on local area networks and commonly
scan assets within reserved or private IP address ranges. Can be physical or virtual.
What are Qualys Cloud Agents? - Correct answer run as a local process on the host they
protect.
[Type here] [Type here] [Type here]
