Qualys Web Application Scanning (EXAM) 38 Questions with Verified Answers,100% CORRECT

Qualys Web Application Scanning (EXAM) 38 Questions with Verified Answers The Malware Monitoring option should only be enabled for: (A) Applications with a "malware" tag (B) Internal facing applications (C) External facing applications (D) Both internal and external facing applications - CORRECT ANSWER (C) External facing applications Where can you "Ignore" a vulnerability for a Web Application? (select two) (Choose all that apply) (A) Scorecard Report (B) Scan Report (C) Web Application Report (D) Detections Tab - CORRECT ANSWER (B) Scan Report (D) Detection Tab A Search List contains a list of: (A) Username/Password combinations (B) QIDs from the Qualys KnowledgeBase (C) Crawling hints (D) Common input parameters - CORRECT ANSWER (B) QIDs from the QualysBase When launching a Web Application Scan, you have the option to override some default settings. Which of the following options can NOT be overridden? (A) Option Profile (B) Crawl Scope (C) Scanner Appliance (D) Authentication Record - CORRECT ANSWER (D) Authentication Record What attack proxies can you integrate with Qualys WAS? (A) BURP (B) W3af (C) ZAP (D) WebScarab - CORRECT ANSWER (A) BURP How can you get your scan to follow a business workflow (such as a shopping cart transaction)? (A) Use a Selenium Script to record and replay the workflow (B) Use a Custom Authentication Record (C) Use a Crawl Exclusion List (D) Use DNS Override - CORRECT ANSWER (A) Use a Selenium Script to record and replay the workflow Using the "Crawling Hints" setting, WAS can crawl all links and directories found in: (select two) (Choose all that apply) (A) I (B) S (C) R (D) - CORRECT ANSWER (B) S (C) R The Explicit URLs to Crawl field may contain (select two): (Select all that apply) (A) URLs both inside and outside of the Crawl Scope (B) URLs outside of the Crawl Scope (C) URLs within the Crawl Scope (D) URLs not automatically discovered by WAS - CORRECT ANSWER (B) URLs outside of the Crawl Scope (D) URLs not automatically discovered by WAS Outside of the "Custom Contents" option, what preset Sensitive Content types can the Web Application Scanner detect? (select two) (Choose all that apply) (A) Passwords (B) Social Security Number (C) Driving License Number (D) Credit Card Number - CORRECT ANSWER (B) Social Security Number (D) Credit Card Number Using the Administration Utility, which of the following scan permissions can be assigned to a user role? (select three) (Choose all that apply) (A) Cancel WAS Scan (B) Delete WAS Scan (C) Update WAS Scan (D) Launch WAS Scan - CORRECT ANSWER (A) Cancel WAS Scan (B) Delete WAS Scan (D) Launch WAS Scan Which WAS feature uses a virtual machine farm to detect a potentially malicious script in a Web application? (A) Progressive Scanning (B) Malware Monitoring (C) Redundant Links (D) DNS Override - CORRECT ANSWER (B) Malware Monitoring Which technique would you use to build a report containing specifics on only your app's most severe vulnerabilities? (A) Add a Search List to the report (B) Add a Crawl Exclusion List to the report (C) Add a Brute Force List to the report (D) Add a Parameter Set to the report - CORRECT ANSWER (A) Add a Search List to the report Potential Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green - CORRECT ANSWER (C) Yellow Which of the following is NOT a valid vulnerability status? (A) Active (B) Re-opened (C) New (D) Fixed (E) Exploited - CORRECT ANSWER (E) Exploited If your application URL is: (A) (B) (C) (D) (D) Which of the following scanning challenges can be overcome using the WAS Progressive Scanning feature? (select two) (Select all that apply) (A) Scanning a web application with hard-to-find links (B) Scanning a web application with tens of thousands of links (C) Scanning a web application with multiple IP addresses (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. - CORRECT ANSWER (B) Scanning a web application with tens of thousands of links (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. Confirmed Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green - CORRECT ANSWER (B) Red Where can you find the number of links crawled for an Application? (select two) (Choose all that apply) (A) View the "Links" column, in the "Scan Lists" tab (B) Check QID in the Scorecard Report (C) Check QID in the Scan Report (D) On the WAS Dashboard - CORRECT ANSWER (A) View the "Links" column, in the "Scan Lists" tab (C) Check QID in the Scan Report What technique does WAS use to automate the detection of Web application vulnerabilities? (A) Hashing (B) Stack Fingerprinting (C) Fault Injection (D) Covert Channels - CORRECT ANSWER (C) Fault Injection A Search List can be used to customize a (Select all the apply): (A) Web Application Scan (B) Scan Report (C) Crawl Exclusions List (D) Web Application Report - CORRECT ANSWER (A) Web Application Scan (B) Scan Report (D) Web Application Report Which WAS feature allows you to quickly change your Web Application's resolved IP address? (A) Malware Monitoring (B) Progressive Scanning (C) Redundant Links (D) DNS Override - CORRECT ANSWER (D) DNS Override Which of the following is NOT a WAS object you can tag? (A) Web Applications (B) Option Profiles (C) Reports (D) Scan Results - CORRECT ANSWER (D) Scan Results Which technique can WAS use to bypass authentication? (A) Custom Authentication Record (B) Burp Integration (C) Selenium Authentication Script (D) Header Injection - CORRECT ANSWER (D) Header Injection Which of the following scan parameters can NOT be configured in a WAS Option Profile? (A) Password Bruteforcing (B) Form Submission (C) Crawl Scope (D) Scan Intensity - CORRECT ANSWER (A) Password Bruteforcing The __________ is a staging area for Web applications discovered by scans in the Qualys Vulnerability Management (VM) application. (A) KnowledgeBase (B) Dashboard (C) Library (D) Catalog - CORRECT ANSWER (D) Catalog If your Web application URL is , which Crawl Scope should you select in order to place in the application scope? (A) Limit at or below URL hostname (B) Limit to URL hostname and specified domains (C) Limit to URL hostname and specified subdomain (D) Limit to content located at or below URL subdirectory - CORRECT ANSWER (C) Limit to URL hostname and specified subdomain Which WAS feature will help you avoid scanning common links too many times? (A) Redundant Links (B) Malware Monitoring (C) Header Injection (D) DNS Override - CORRECT ANSWER (A) Redundant Links If the Web application URL is , which Crawl Scope should you select in order to keep in the application scope? (A) Limit to URL hostname and specified subdomain (B) Limit at or below URL hostname (C) Limit to URL hostname and specified domains (D) Limit to content located at or below URL subdirectory - CORRECT ANSWER (A) Limit to URL hostname and specified subdomain What HTTP method(s) are supported for Form Submissions in the Option Profile? (select two) (choose all that apply) (A) HEAD (B) OPTIONS (C) GET (D) POST - CORRECT ANSWER (C) GET (D) POST You've just built an application (tagged with the "Developer" Asset Tag). What must you do to allow Fred (a developer) to begin scanning the application? (select two) (Choose all that apply) (A) Tag the application with Fred's user tag (B) Assign the "WAS Scanner" role to Fred's user account (C) Enable Progressive Scanning in Fred's user account (D) Place the "Developer" tag in Fred's user account - CORRECT ANSWER (A) Tag the application with Fred's user tag (B) Assign the "WAS Scanner" role to Fred's user account Which setting defines the boundaries of a Web application? (A) Web application URL (B) Crawl Scope (C) Application name (D) Explicit URLs to Crawl - CORRECT ANSWER (B) Crawl Scope Which of the following techniques can be used to create a Web Application in WAS? (select three) (A) Click the 'Edit' option in the Option Profile (B) Click the "Add Web Application" option from the Dashboard (C) Use the "Create Web Application" option in a SItemap (D) Import via CSV file (E) Click the "Add Web Application" option from the Web Application Report - CORRECT ANSWER Which of the following Crawl Exclusion Lists can be generated using a WAS Application Sitemap? (select two) (A) White List (B) Black List (C) Post Data Black List (D) Logout regular expression - CORRECT ANSWER (C) Post Data Black List (D) Logout regular expression What is the max number of hours a scan can continue on WAS before it times out? (A) 16 hours (B) 4 hours (C) 24 hours (D) 48 hours - CORRECT ANSWER (C) 24 hours Which of the following is NOT a component of a WAS crawl script? (A) Trigger (B) Selenium Script file (C) Evaluation expression (D) Catalog - CORRECT ANSWER (A) Trigger What happens when you use the "Remove Web Assets" feature? (select two) (Choose all that apply) (A) WAS purges (deletes) all of your application data for the removed application (B) A final web application scan is performed before purging the application (C) The application is removed from your WAS subscription (D) All application data is saved in the WAS catalog - CORRECT ANSWER (A) WAS purges (deletes) all of your application data for the removed application (C) The application is removed from your WAS subscription In Qualys WAS, you can schedule (select two): (A) Reports (B) BURP scans (C) Maps (D) Scans - CORRECT ANSWER (A) Reports (D) Scans Which Form Submission method will only test login forms? (A) NONE (B) POST & GET (C) GET (D) POST - CORRECT ANSWER (B) POST & GET