QUALYS VMDR TRAINING EXAM/ACTUAL EXAM
QUESTIONS AND CORRECT DETAILED ANSWERS
WITH RATIONALES/NEWEST UPDATE✓
What is a vulnerability?
Ans: a weakness that cybercriminals can exploit to gain access to a system
It is estimated that every 1000 lines of code contains one bug, and 25 if it is
not scrutinized.
What is vulnerability management?
Ans: to proactively detect and eliminate vulnerabilities to reduce overall
security risk and prevent exposure.
Vulnerability Management (VM) means systematically and continuously
finding and eliminating vulnerabilities in your computer systems
What is the first and most important step for laying the foundation of a
successful VM program?
Pretest - Stuvia US
Ans: Scoping (asset discovery) Systems to Identify Inventory
-*Always begin asset scoping with internet-facing assets*
YOU CANNOT PROTECT AND SECURE WHAT YOU DON'T KNOW
This step includes organizing your computer systems according to their role, to
establish an evaluation baseline.
--This starts with directing vulnerability scanners to a certain range of IP
addresses.
How to scan remote users
Ans: One way to scan remote users is to ensure they are connected to your
VPN and scan them over the tunnel, assuming the network and VPN can
handle the traffic.
The better solution is an agent-based approach. Scanning is performed by a
local agent that runs on the host machine and provides the information
necessary to evaluate the security state of the machine, with little effect on
processing, memory, and bandwidth.
Tips for effective VM
Ans: Automate as much as possible
-Manual intervention should be limited to prioritizing patches and
negotiating the proper window to apply those patches.
Use VM technology with a solid track record and wide use
Remember to select a solution that can change with the business and grow
accordingly
Benefits of a cloud based software
Ans: fast implementation, low maintenance, and pay-as-you-go
A cloud provider handles all the technical 'heavy lifting' of infrastructure
behind the application. You can use it right away without requiring special
technical expertise or training to deploy and use it.
3 main types of VM software
Ans: Open source
-free but not inexpensive (you must front the cost of maintenance, training,
and staffing)
Corporate/commercial
-Safer, but has a real cost. Better training available
Cloud alternative based
-more flexible, faster to implement, low maintenance cost
4 main aspects of implementing a software