Qualys Web Application Scanning (EXAM 2023) Scored 80%

Qualys Web Application Scanning (EXAM 2023) Scored 80% The Malware Monitoring option should only be enabled for: (A) Applications with a "malware" tag (B) Internal facing applications (C) External facing applications (D) Both internal and external facing applications Ans (C) External facing applications Where can you "Ignore" a vulnerability for a Web Application? (select two) (Choose all that apply) (A) Scorecard Report (B) Scan Report (C) Web Application Report (D) Detections Tab Ans (B) Scan Report (D) Detection Tab A Search List contains a list of: (A) Username/Password combinations (B) QIDs from the Qualys KnowledgeBase (C) Crawling hints (D) Common input parameters Ans (B) QIDs from the QualysBase When launching a Web Application Scan, you have the option to override some default settings. Which of the following options can NOT be overridden? (A) Option Profile (B) Crawl Scope (C) Scanner Appliance (D) Authentication Record Ans (D) Authentication Record What attack proxies can you integrate with Qualys WAS? (A) BURP (B) W3af (C) ZAP (D) WebScarab Ans (A) BURP How can you get your scan to follow a business workflow (such as a shopping cart transaction)? (A) Use a Selenium Script to record and replay the workflow (B) Use a Custom Authentication Record (C) Use a Crawl Exclusion List (D) Use DNS Override Ans (A) Use a Selenium Script to record and replay the workflow Using the "Crawling Hints" setting, WAS can crawl all links and directories found in: (select two) (Choose all that apply) (A) I (B) S (C) R (D) Ans (B) S (C) R The Explicit URLs to Crawl field may contain (select two): (Select all that apply) (A) URLs both inside and outside of the Crawl Scope (B) URLs outside of the Crawl Scope (C) URLs within the Crawl Scope (D) URLs not automatically discovered by WAS Ans (B) URLs outside of the Crawl Scope (D) URLs not automatically discovered by WAS Outside of the "Custom Contents" option, what preset Sensitive Content types can the Web Application Scanner detect? (select two) (Choose all that apply) (A) Passwords (B) Social Security Number (C) Driving License Number (D) Credit Card Number Ans (B) Social Security Number (D) Credit Card Number Using the Administration Utility, which of the following scan permissions can be assigned to a user role? (select three) (Choose all that apply) (A) Cancel WAS Scan (B) Delete WAS Scan (C) Update WAS Scan (D) Launch WAS Scan Ans (A) Cancel WAS Scan (B) Delete WAS Scan (D) Launch WAS Scan Which WAS feature uses a virtual machine farm to detect a potentially malicious script in a Web application? (A) Progressive Scanning (B) Malware Monitoring (C) Redundant Links (D) DNS Override Ans (B) Malware Monitoring Which technique would you use to build a report containing specifics on only your app's most severe vulnerabilities? (A) Add a Search List to the report (B) Add a Crawl Exclusion List to the report (C) Add a Brute Force List to the report (D) Add a Parameter Set to the report Ans (A) Add a Search List to the report Potential Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green Ans (C) Yellow Which of the following is NOT a valid vulnerability status? (A) Active (B) Re-opened (C) New (D) Fixed (E) Exploited Ans (E) Exploited If your application URL is: (A) (B) (C) (D) (D) Which of the following scanning challenges can be overcome using the WAS Progressive Scanning feature? (select two) (Select all that apply) (A) Scanning a web application with hard-to-find links (B) Scanning a web application with tens of thousands of links (C) Scanning a web application with multiple IP addresses (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. Ans (B) Scanning a web application with tens of thousands of links (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. Confirmed Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green Ans (B) Red Where can you find the number of links crawled for an Application? (select two) (Choose all that apply) (A) View the "Links" column, in the "Scan Lists" tab (B) Check QID in the Scorecard Report (C) Check QID in the Scan Report (D) On the WAS Dashboard Ans (A) View the "Links" column, in the "Scan Lists" tab (C) Check QID in the Scan Report What technique does WAS use to automate the detection of Web application vulnerabilities? (A) Hashing (B) Stack Fingerprinting (C) Fault Injection (D) Covert Channels Ans (C) Fault Injection A Search List can be used to customize a (Select all the apply): (A) Web Application Scan (B) Scan Report (C) Crawl Exclusions List (D) Web Application Report Ans (A) Web Application Scan (B) Scan Report (D) Web Application Report Which WAS feature allows you to quickly change your Web Application's resolved IP address? (A) Malware Monitoring (B) Progressive Scanning (C) Redundant Links (D) DNS Override Ans (D) DNS Override Which of the following is NOT a WAS object you can tag? (A) Web Applications (B) Option Profiles (C) Reports (D) Scan Results Ans (D) Scan Results Which technique can WAS use to bypass authentication? (A) Custom Authentication Record (B) Burp Integration (C) Selenium Authentication Script (D) Header Injection Ans (D) Header Injection Which of the following scan parameters can NOT be configured in a WAS Option Profile? (A) Password Bruteforcing (B) Form Submission (C) Crawl Scope (D) Scan Intensity Ans (A) Password Bruteforcing The __________ is a staging area for Web applications discovered by scans in the Qualys Vulnerability Management (VM) application. (A) KnowledgeBase (B) Dashboard (C) Library (D) Catalog Ans (D) Catalog If your Web application URL is , which Crawl Scope should you select in order to place in the application scope? (A) Limit at or below URL hostname (B) Limit to URL hostname and specified domains (C) Limit to URL hostname and specified subdomain (D) Limit to content located at or below URL subdirectory Ans (C) Limit to URL hostname and specified subdomain