VULNERABILITY MANAGEMENT DETECTION AND RESPONSE
(VMDR) QUESTIONS WITH CORRECT ANSWERS 2025/2026
What are the features of the Patch Management (PM) application - CORRECT ANSWER -
What are the steps for Patch Management as a response to vulnerability findings - CORRECT
ANSWER -
What is asset management? - CORRECT ANSWER -Step 1 in the VMDR lifecycle
What is vulnerability management? - CORRECT ANSWER -Step 2 in the VMDR lifecycle
What is threat detection and prioritization? - CORRECT ANSWER -Step 3 in the VMDR lifecycle
What is response (patch deployment?) - CORRECT ANSWER -Step 4 in the VMDR lifecycle
What should you ask your business, IT, and security managers regarding cyberhygine? -
CORRECT ANSWER -1. Do we know what assets we have and what is connected to our systems
and networks?
2. Do we know what's running (or trying to run) on our systems and networks?
3. Are we limiting and managing the number of people with administrative privileges to change,
bypass, or override the security settings on our systems and networks?
4. Do we have in place continuous processes backed by security technologies that would allow
us to prevent most breaches, rapidly detect all that do succeed, and minimize damage to our
business and our customers?
5. Can we demonstrate that we have an effective monitoring strategy in place to our Board, our
shareholders, and customers today?
, What are the major steps to take in "Inventory and Control Enterprise Assets?" - CORRECT
ANSWER -1. Establish and Maintain Detailed Enterprise Asset Inventory
2. Address Unauthorized Assets
What are the major steps to take in "Inventory and Control Software Assets?" - CORRECT
ANSWER -1. Establish and Maintain a Software Inventory
2. Ensure Authorized Software Is Currently Supported
3. Address Unauthorized Software
What are the major steps to take in "Protect Data?" - CORRECT ANSWER -1. Establish and
Maintain a Data Management Process
2. Establish and Maintain a Data Inventory
3. Configure Data Access Control Lists
4. Enforce Data Retention
5. Securely Dispose of Data
6. Encrypt Data on End-User Devices
What should be addressed during Establish and Maintain a Data Management Process? -
CORRECT ANSWER -1. What type of data does the university process or store?
2. Where is the data processed or stored?
3. Who has access to each type of data?
What is CIA? - CORRECT ANSWER -Confidentiality, Integrity, and Availability
What are the steps for secure configuration and baseline image? - CORRECT ANSWER -1.
Determine the risk classification of the data handled or stored on the asset.
2. Create a security configuration script that sets system security settings to meet the
requirements to protect the data used on the asset.
(VMDR) QUESTIONS WITH CORRECT ANSWERS 2025/2026
What are the features of the Patch Management (PM) application - CORRECT ANSWER -
What are the steps for Patch Management as a response to vulnerability findings - CORRECT
ANSWER -
What is asset management? - CORRECT ANSWER -Step 1 in the VMDR lifecycle
What is vulnerability management? - CORRECT ANSWER -Step 2 in the VMDR lifecycle
What is threat detection and prioritization? - CORRECT ANSWER -Step 3 in the VMDR lifecycle
What is response (patch deployment?) - CORRECT ANSWER -Step 4 in the VMDR lifecycle
What should you ask your business, IT, and security managers regarding cyberhygine? -
CORRECT ANSWER -1. Do we know what assets we have and what is connected to our systems
and networks?
2. Do we know what's running (or trying to run) on our systems and networks?
3. Are we limiting and managing the number of people with administrative privileges to change,
bypass, or override the security settings on our systems and networks?
4. Do we have in place continuous processes backed by security technologies that would allow
us to prevent most breaches, rapidly detect all that do succeed, and minimize damage to our
business and our customers?
5. Can we demonstrate that we have an effective monitoring strategy in place to our Board, our
shareholders, and customers today?
, What are the major steps to take in "Inventory and Control Enterprise Assets?" - CORRECT
ANSWER -1. Establish and Maintain Detailed Enterprise Asset Inventory
2. Address Unauthorized Assets
What are the major steps to take in "Inventory and Control Software Assets?" - CORRECT
ANSWER -1. Establish and Maintain a Software Inventory
2. Ensure Authorized Software Is Currently Supported
3. Address Unauthorized Software
What are the major steps to take in "Protect Data?" - CORRECT ANSWER -1. Establish and
Maintain a Data Management Process
2. Establish and Maintain a Data Inventory
3. Configure Data Access Control Lists
4. Enforce Data Retention
5. Securely Dispose of Data
6. Encrypt Data on End-User Devices
What should be addressed during Establish and Maintain a Data Management Process? -
CORRECT ANSWER -1. What type of data does the university process or store?
2. Where is the data processed or stored?
3. Who has access to each type of data?
What is CIA? - CORRECT ANSWER -Confidentiality, Integrity, and Availability
What are the steps for secure configuration and baseline image? - CORRECT ANSWER -1.
Determine the risk classification of the data handled or stored on the asset.
2. Create a security configuration script that sets system security settings to meet the
requirements to protect the data used on the asset.
