Qualys Web Application Scanning (EXAM)question with complete solutions 2023

Qualys Web Application Scanning (EXAM)question with complete solutions 2023The Malware Monitoring option should only be enabled for: (A) Applications with a "malware" tag (B) Internal facing applications (C) External facing applications (D) Both internal and external facing applications (C) External facing applications Where can you "Ignore" a vulnerability for a Web Application? (select two) (Choose all that apply) (A) Scorecard Report (B) Scan Report (C) Web Application Report (D) Detections Tab (B) Scan Report (D) Detection Tab A Search List contains a list of: (A) Username/Password combinations (B) QIDs from the Qualys KnowledgeBase (C) Crawling hints (D) Common input parameters (B) QIDs from the QualysBase When launching a Web Application Scan, you have the option to override some default settings. Which of the following options can NOT be overridden? (A) Option Profile (B) Crawl Scope (C) Scanner Appliance (D) Authentication Record (D) Authentication Record What attack proxies can you integrate with Qualys WAS? (A) BURP (B) W3af (C) ZAP (D) WebScarab (A) BURP How can you get your scan to follow a business workflow (such as a shopping cart transaction)? (A) Use a Selenium Script to record and replay the workflow (B) Use a Custom Authentication Record (C) Use a Crawl Exclusion List (D) Use DNS Override (A) Use a Selenium Script to record and replay the workflow Using the "Crawling Hints" setting, WAS can crawl all links and directories found in: (select two) (Choose all that apply) (A) I (B) S (C) R (D) (B) S (C) R The Explicit URLs to Crawl field may contain (select two): (Select all that apply) (A) URLs both inside and outside of the Crawl Scope (B) URLs outside of the Crawl Scope (C) URLs within the Crawl Scope (D) URLs not automatically discovered by WAS (B) URLs outside of the Crawl Scope (D) URLs not automatically discovered by WAS Outside of the "Custom Contents" option, what preset Sensitive Content types can the Web Application Scanner detect? (select two) (Choose all that apply) (A) Passwords (B) Social Security Number (C) Driving License Number (D) Credit Card Number (B) Social Security Number (D) Credit Card Number Using the Administration Utility, which of the following scan permissions can be assigned to a user role? (select three) (Choose all that apply) (A) Cancel WAS Scan (B) Delete WAS Scan (C) Update WAS Scan (D) Launch WAS Scan (A) Cancel WAS Scan (B) Delete WAS Scan (D) Launch WAS Scan Which WAS feature uses a virtual machine farm to detect a potentially malicious script in a Web application? (A) Progressive Scanning (B) Malware Monitoring (C) Redundant Links (D) DNS Override (B) Malware Monitoring Which technique would you use to build a report containing specifics on only your app's most severe vulnerabilities? (A) Add a Search List to the report (B) Add a Crawl Exclusion List to the report (C) Add a Brute Force List to the report (D) Add a Parameter Set to the report (A) Add a Search List to the report Potential Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green (C) Yellow Which of the following is NOT a valid vulnerability status? (A) Active (B) Re-opened (C) New (D) Fixed (E) Exploited (E) Exploited If your application URL is: (A) (B) (C) (D) (C) (D) Which of the following scanning challenges can be overcome using the WAS Progressive Scanning feature? (select two) (Select all that apply) (A) Scanning a web application with hard-to-find links (B) Scanning a web application with tens of thousands of links (C) Scanning a web application with multiple IP addresses (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. (B) Scanning a web application with tens of thousands of links (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window.