1 If adequate data exists (for Qualys to properly categorize an asset’s hardware or OS), but they have
yet to be added to the asset catalog, they will potentially be listed as __________ .
Choose an answer:




Unknown
Unidentified
Unavailable
Uncertain
2 Which Qualys application, provides the Real-Time Threat Indicators (RTIs) used in the VMDR
Prioritization Report?
Choose an answer:




Patch Management
Asset Inventory
Threat Protection
Vulnerability Management
4 Which “Active Threat” category includes attacks that require little skill and do not require
additional information?
Choose an answer:




Predicted High Risk
Easy Exploit
Public Exploit
Zero Day
Which of the following frequencies, can be used to schedule a Patch Deployment Job? Select all that
apply.
Choose all that apply:




Weekly
Quarterly
Annually
Daily
Presently, you can add up to _____ patches to a single job. Choose an answer:




2000
1250
1750
1500
5 Which phase of the VMDR Lifecycle is addressed by Qualys Patch Management (PM)?
Choose an answer:




Vulnerability Management
Response
Asset Management
Threat Detection & Prioritization
6 Which phase of the VMDR Lifecycle is addressed by Qualys Patch Management (PM)?
Choose an answer:




Vulnerability Management
Response
Asset Management
Threat Detection & Prioritization
7 Qualys provides virtual scanner appliances for which of the following cloud platforms? Select all
that apply.
Choose all that apply:




Amazon AWS
Google Cloud Platform
Rackspace Cloud
Microsoft Azure
8 Which Qualys technology provides a patch download cache, to achieve a more efficient distribution
of downloaded patches, to local agent host assets?
Choose an answer:




Qualys Passive Sensor
Qualys Scanner Appliance
Qualys Gateway Server
Qualys Connector
9 By default, which of the following factors are used by the VMDR Prioritization Report, to prioritize
vulnerabilities? Select all that apply.
Choose all that apply:




Vulnerability Age
Real-Time Threat Indicators
Compliance Posture
Attack Surface
10 What are the prerequisites to integrate Qualys with ServiceNow CMDB? Select all that apply.
Choose all that apply:




ServiceNow user account with Qualys API access enabled
Qualys CMDB Sync or Service Graph Connector app installed in ServiceNow
Qualys user account with API access disabled
Qualys subscription with Cybersecurity Asset Management license
11 Which of the following Deployment Job steps will allow you to install software and run a custom
script? Select all that apply.
Choose all that apply:




Select Assets
Select Post-actions
Select Pre-Actions
Select Patches
12 Which of the following queries will display assets with a Relational Database Management
System?
Choose an answer:




software:(category1:Databases / RDBMS)
software:(Databases / RDBMS)
software:(category2:Databases / RDBMS)
software:(category:Databases / RDBMS)
13 Which “Active Threat” category includes vulnerabilities that are actively attacked and have no
patch available?
Choose an answer:




Easy Exploit
Malware
Exploit Kit
Zero Day
14 You have been asked to create a “Zero-Touch” patch deployment job. You have already scheduled
this job to run once a week. What additional requirement must be met?
Choose an answer:




Select patches using Asset Tags
Defer patch selection to a later time
Automate patch selection using QQL
Select patches manually
15 Once you establish your priority option you can generate your Prioritization Report. By default this
report will produce a list of _________ that match your priority options.
Choose an answer:




Patches
Threat Feeds
Vulnerabilities
Assets
16 After building a Prioritization Report, you want to monitor the contents of the report on a regular
basis. What will you do?
Choose an answer:




Create Dashboard widgets for all the contents of the report
Export the report to dashboard and create a dynamic widget
Schedule a report to run on a regular basis
Run a report every time it is needed
17 When creating a patch job, a “Patch Window” set to the __________ option, will allow the Cloud
Agent as much time as it needs to complete the job?
Choose an answer:




None
Full
Unlimited
Complete
18 consume a patching license, one or more host ________ ________ must be added to the
“Licenses” tab (within the Patch Management application).
Choose an answer:




Business Units
Asset Tags
Asset Names
Asset Groups
19 You were unable to search some of your Operating Systems using a lifecycle query. Later, you
found out the reason. The lifecycle stage of the operating system you were searching was:
Choose an answer:


End-of-Life
End-of-Support


Obsolete
General Availability
20 In CSAM, the term “unidentified” means: Select all that apply.
Choose all that apply:




There isn’t enough information gathered to determine the OS/hardware/software
Qualys couldn’t fully fingerprint the OS
There is enough information, but the data isn’t catalogued in CSAM yet
Qualys could fully fingerprint the OS but it’s not in your subscription
21 After Qualys Cloud Agent has been successfully installed on a target host, which of the following
“Patch Management” setup steps must be completed, before host patch assessments can begin?
Select all that apply.
Choose all that apply:





Assign host to CA Configuration Profile (with PM enabled)
Activate PM module on host
Assign host to a PM Job
Assign host to an enabled PM Assessment Profile
22 You have deployed several thousand Qualys Cloud Agents, and now you would like to conserve
network bandwidth by allowing your agents to store and share their downloaded patches (from a
central location). Which Qualys technology is the best fit to solve this challenge?
Choose an answer:




Qualys Passive Sensor
Qualys Gateway Server
Qualys Cloud Connector
Qualys Scanner Appliance
23 Your IT team has configured a patch window to run a deployment job within 5 hours. Due to some
reason you were not able to start the patch installation within that window. What status will they
host display?
Choose an answer:




Not Attempted
Timed Out
Retry
Failed
24 The Threat Feed leverages data from multiple sources. Which of the following sources are used?
Select all that apply.
Choose all that apply:




Other Sources
Exploit Sources
Malware Sources
Qualys Threat and Malware Research Team
25 Which of the following conditions must be met, in order for Qualys Patch Management to
successfully patch a discovered vulnerability? Select all that apply.
Choose all that apply:




The vulnerability should be less than 30 days
The vulnerability must be confirmed
The vulnerability’s host must be running Qualys Cloud Agent
The vulnerability must be patchable
State the requirements for using the Qualys Patch Management application
Describe Patch License Consumption, Patch Assessment Scans, and Patch Deployment Jobs
Demonstrate the use of Patch License Consumption, Patch Assessment Scans, and Patch Deployment
Jobs
Identify the various components of the Patch Catalog
26 You have to run a patch job on a regular basis. Which of the following will you follow in order to
make your work efficient? Select all that apply.
Choose all that apply:




Use Asset Tags as targets for patch deployment jobs
Use the dashboard to monitor
Schedule patch job on a monthly basis
Once test deployments are verified, clone the deployment job and include production asset
tags
27 A pre-deployment message appears at the start of a patch job. You have to create a deployment
job for a Windows user wherein he will receive a notification message to the user indicating that a
reboot is required. What communication option will you select?
Choose an answer:




Reboot Message
Reboot Countdown
Supress Reboot
Reboot Request
28 Your colleague has just completed the following steps to set up your Qualys account for patching:
1. Installed Qualys Cloud Agent on target hosts. 2. Assigned all Agent hosts to a Configuration Profile
with PM configuration enabled. 3. Activated the PM application module for all Agent hosts. 4.
Assigned all hosts to an enabled Assessment Profile. Although Deployment Jobs have been created
and enabled, patches are not getting installed. What step did your colleague miss?
Choose an answer:




Targeted assets must be configured to consume a patching license
Targeted assets must be labelled with the ""Patchable"" Asset Tag
Targeted assets must be added to the ""Patch Management"" Asset Group
Targeted assets must be added to the Patch Catalog
29 You have to analyse the threat intelligence information provided by Qualys Threat and Malware
Labs. Where will you find this information?
Choose an answer:




VMDR > Vulnerabilities tab > Asset
VMDR > Dashboard tab
VMDR > Prioritization tab > Threat Feed
VMDR > Prioritization tab > Reports
Which of the following identifies the correct order of the VMDR Lifecycle phases?
Choose an answer:




Asset Management, Threat Detection & Prioritization, Vulnerability Management, Response
Asset Management, Vulnerability Management, Threat Detection & Prioritization, Response
Vulnerability Management, Threat Detection & Prioritization, Response, Asset Management
Vulnerability Management, Asset Management, Threat Detection & Prioritization, Response
Qualys provides virtual scanner appliances for which of the following cloud platforms? Select all that
apply.
Choose all that apply:




Amazon AWS
Google Cloud Platform
Rackspace Cloud
Microsoft Azure
The Qualys CSAM application distinguishes your asset inventory using which of the following
categories? Select all that apply.
Choose all that apply:
Software
Hardware
Firmware
Operating System
Qualys categorizes your software inventory by which of the following license types? Select all that
apply.
Choose all that apply:
Premier
Trial
Commercial
Open Source
Which Qualys application module is NOT include in the Default VMDR Activation Key?
Choose an answer:




Patch Management (PM)
PCI Compliance (PCI)
CyberSecurity Asset Management (CSAM)
Vulnerability Management (VM)
Using the “Search” field (found in the VULNERABILITIES section of VMDR), which query will produce
a list of “patchable” vulnerabilities?
Choose an answer:
vulnerabilities.vulnerability.qualysPatchable:TRUE
vulnerabilities.vulnerability.isPatchable:TRUE
vulnerabilities.vulnerability.qualysPatchable:FALSE
vulnerabilities.vulnerability.isPatchable:FALSE
Which of the following queries will display assets with a Relational Database Management System?
Choose an answer:
software:(category1:Databases / RDBMS)
software:(Databases / RDBMS)
software:(category2:Databases / RDBMS)
software:(category:Databases / RDBMS)
What are the prerequisites to integrate Qualys with ServiceNow CMDB? Select all that apply.
Choose all that apply:
 Qualys subscription with CyberSecurity Asset Management license
 Qualys CMDB Sync or Service Graph Connector app installed in ServiceNow
 CMDB Sync enabled for Qualys account
 ServiceNow user account with Qualys API access enabled
You are in the process of inducting new employees on the Global AssetView application. In your
presentation you have to add the features of this application. Which features from the below
mentioned list will you include? Select all that apply.
Categorized and normalized hardware and software information
Ability to define and track unauthorized software
Asset Criticality Score
Discovery and inventory of all IT assets
you have to run a patch job on a regular basis. Which of the following will you follow in order to
make your work efficient? Select all that apply.
Choose all that apply:

Use Asset Tags as targets for patch deployment jobs



Use the dashboard to monitor
Schedule patch job on a monthly basis
Once test deployments are verified, clone the deployment job and include production asset
tags