Qualys Web Application Scanning Exam 2023 QUESTIONS AND ANSWERS (100% CORRECT) GRADED A

The Malware Monitoring option should only be enabled for:
(A) Applications with a "malware" tag
(B) Internal facing applications
(C) External facing applications
(D) Both internal and external facing applications
CORRECT ANS: (C) External facing applications

Where can you "Ignore" a vulnerability for a Web Application? (select two) (Choose
all that apply)
(A) Scorecard Report
(B) Scan Report
(C) Web Application Report
(D) Detections Tab
CORRECT ANS: (B) Scan Report, (D) Detections Tab

A Search List contains a list of:
(A) Username/Password combinations
(B) QIDs from the Qualys KnowledgeBase
(C) Crawling hints
(D) Common input parameters
CORRECT ANS: (B) QIDs from the Qualys KnowledgeBase

When launching a Web Application Scan, you have the option to override some
default settings. Which of the following options can NOT be overridden?
(A) Option Profile
(B) Crawl Scope
(C) Scanner Appliance
(D) Authentication Record
CORRECT ANS: (D) Authentication Record

What attack proxies can you integrate with Qualys WAS?
(A) BURP
(B) W3af
(C) ZAP
(D) WebScarab
CORRECT ANS: (A) BURP

How can you get your scan to follow a business workflow (such as a shopping cart
transaction)?
(A) Use a Selenium Script to record and replay the workflow
(B) Use a Custom Authentication Record
(C) Use a Crawl Exclusion List
(D) Use DNS Override
CORRECT ANS: (A) Use a Selenium Script to record and replay the workflow

Using the "Crawling Hints" setting, WAS can crawl all links and directories found in:
(select two) (Choose all that apply)
(A) Index.html
(B) Sitemap.xml
(C) Robots.txt
(D) default.css
CORRECT ANS: (B) Sitemap.xml, (C) Robots.txt

The Explicit URLs to Crawl field may contain (select two): (Select all that apply)
(A) URLs both inside and outside of the Crawl Scope
(B) URLs outside of the Crawl Scope
(C) URLs within the Crawl Scope
(D) URLs not automatically discovered by WAS
CORRECT ANS: (B) URLs outside of the Crawl Scope, (D) URLs not automatically discovered by WAS

Outside of the "Custom Contents" option, what preset Sensitive Content types can
the Web Application Scanner detect? (select two) (Choose all that apply)
(A) Passwords
(B) Social Security Number
(C) Driving License Number
(D) Credit Card Number
CORRECT ANS: (B) Social Security Number, (D) Credit Card Number

Using the Administration Utility, which of the following scan permissions can be
assigned to a user role? (select three) (Choose all that apply)
(A) Cancel WAS Scan
(B) Delete WAS Scan
(C) Update WAS Scan
(D) Launch WAS Scan
CORRECT ANS: (A) Cancel WAS Scan, (B) Delete WAS Scan, (D) Launch WAS Scan

Which WAS feature uses a virtual machine farm to detect a potentially malicious
script in a Web application?
(A) Progressive Scanning
(B) Malware Monitoring