Vulnerability Management Detection and Response (VMDR) 51 Questions with Verified Answers
What are the features of the Patch Management (PM) application? - CORRECT ANSWER
What are the steps for Patch Management as a response to vulnerability findings - CORRECT ANSWER
What is asset management? - CORRECT ANSWER Step 1 in the VMDR lifecycle
What is vulnerability management? - CORRECT ANSWER Step 2 in the VMDR lifecycle
What is threat detection and prioritization? - CORRECT ANSWER Step 3 in the VMDR lifecycle
What is response (patch deployment)? - CORRECT ANSWER Step 4 in the VMDR lifecycle
What should you ask your business, IT, and security managers regarding cyber hygiene? - CORRECT ANSWER 1. Do we know what assets we have and what is connected to our systems and networks?
2. Do we know what's running (or trying to run) on our systems and networks?
3. Are we limiting and managing the number of people with administrative privileges to change, bypass, or override the security settings on our systems and networks?
4. Do we have in place continuous processes backed by security technologies that would allow us to prevent most breaches, rapidly detect all that do succeed, and minimize damage to our business and our customers?
5. Can we demonstrate that we have an effective monitoring strategy in place to our Board, our shareholders, and customers today?
What are the major steps to take in "Inventory and Control Enterprise Assets?" - CORRECT ANSWER 1. Establish and Maintain Detailed Enterprise Asset Inventory
2. Address Unauthorized Assets
What are the major steps to take in "Inventory and Control Software Assets?" - CORRECT ANSWER 1. Establish and Maintain a Software Inventory
2. Ensure Authorized Software Is Currently Supported
3. Address Unauthorized Software
What are the major steps to take in "Protect Data?" - CORRECT ANSWER 1. Establish and Maintain a Data Management Process
2. Establish and Maintain a Data Inventory
3. Configure Data Access Control Lists
4. Enforce Data Retention
5. Securely Dispose of Data
6. Encrypt Data on End-User Devices
What should be addressed during Establish and Maintain a Data Management Process? - CORRECT ANSWER 1. What type of data does the university process or store?
2. Where is the data processed or stored?
3. Who has access to each type of data?
What is CIA? - CORRECT ANSWER Confidentiality, Integrity, and Availability
What are the steps for secure configuration and baseline image? - CORRECT ANSWER 1. Determine the risk classification of the data handled or stored on the asset.
2. Create a security configuration script that sets system security settings to meet the requirements to protect the data used on the asset.
3. Install the base operating system software.
4. Apply appropriate operating system and security patches.
5. Install appropriate application software packages, tools, and utilities.
6. Apply appropriate updates to operating systems.
Install local customization scripts to this image.
7. Run the security script created earlier to set the appropriate security level.
8. Run a Security Content Automation Protocol (SCAP) compliant tool to record and score the system setting of the baseline image.
9. Perform a security quality assurance test.
10. Save this base image in a secure location.
What are the Safeguards? - CORRECT ANSWER 1. Establish and Maintain a Secure Configuration Process
2. Establish and Maintain a Secure Configuration Process for Network Infrastructure
3. Configure Automatic Session Locking on Enterprise Assets
4. Implement and Manage a Firewall on Servers
5. Implement and Manage a Firewall on End-User Devices
6. Securely Manage Enterprise Assets and Software
7. Manage Default Accounts on Enterprise Assets and Software
What are Remote Scanners? - CORRECT ANSWER internet-facing and ideal for scanning internet-facing assets around the globe.
What are Local Scanners? - CORRECT ANSWER deployed on local area networks and commonly scan assets within reserved or private IP address ranges. Can be physical or virtual.
What are Qualys Cloud Agents? - CORRECT ANSWER run as a local process on the host they protect.
What are Qualys Passive Sensors? - CORRECT ANSWER Works with TAPs and Switches throughout your network, passive sensors operate by sniffing network traffic sent to the Qualys platform for processing. Another essential benefit of Passive Sensor is helping you to identify the unmanaged assets throughout your network architecture. Can be physical or virtual.
What are Cloud and SaaS Connectors? - CORRECT ANSWER Work with the native services of your cloud and SaaS providers to identify misconfigurations and security blind spots. Cloud Connectors can be created for your AWS, Google Cloud, and Microsoft Azure accounts. SaaS Connectors are available for Microsoft Office 365, Google Workspace, Zoom, and Salesforce.
What are Qualys Container Sensors? - CORRECT ANSWER Downloads as a Docker image and is installed on a Docker host as a container application, right alongside other container applications. Once installed, Container Sensor will assess all new and existing Docker images and containers for vulnerabilities and misconfigurations.
What are Out-of-Band Sensors? - CORRECT ANSWER Help to secure devices on air-gapped networks.
What are APIs? - CORRECT ANSWER
What are the 3 different types of container sensors? - CORRECT ANSWER General, Registry, and CI/CD Pipeline
What is a General Sensor? - CORRECT ANSWER scans images and containers on a single Docker host.
What is a Registry Sensor? - CORRECT ANSWER This sensor scans images in public and private Docker registries.
What is a CI/CD Pipeline Sensor? - CORRECT ANSWER This sensor, which is also referred to as a "Build" sensor, scans images within your DevOps CI/CD pipeline projects, allowing you to identify and correct vulnerable images during the build process.
What is a CI/CD Pipeline? - CORRECT ANSWER A pipeline is a process that drives software development through a path of building, testing, and deploying code, also known as CI/CD. By automating the process, the objective is to minimize human error and maintain a consistent process for how software is released.
What is Qualys Container Runtime Security (CRS)? - CORRECT ANSWER Is instrumented into Docker images and becomes a part (layer) of containerized applications. This is achieved by instrumenting images with Qualys Container Security components, to gather functional and behavioural data about the container's running processes, thereby allowing you to create rules and policies that actively block or prevent unwanted actions or events.
As one example, you could build a policy that prohibits access to sensitive system files, such as the 'shadow' or 'passwd' files on a Linux host.
Which Public Registries does the CRS support? - CORRECT ANSWER Docker Hub
Which Private Registries does the CRS support? - CORRECT ANSWER v2-private registry: JFrog Artifactory (secure: auth + https)
What is Docker Hub? - CORRECT ANSWER A cloud-based repository service where people push their Docker container images and pull them at any time, from anywhere, via the internet. Images can be pushed as private or public. It is mainly used by DevOps teams.
What is instrumentation? - CORRECT ANSWER When a few binaries are set into the image as the security layer.
Which key will enable you to install Qualys Cloud Agent from the VMDR Welcome Page? - CORRECT ANSWER The Default Activation Key
Which Qualys application model is not included in the Default VMDR Activation Key? - CORRECT ANSWER PCI Compliance
What are the key areas of focus for modern IT issues? - CORRECT ANSWER 1. Discover and inventory all assets
2. Add business context through dynamic tagging of assets
3. Quickly identify non-compliant assets
4. Create custom reports
5. Standardize your inventory
6. Know product lifecycle and support information
7. Enable notifications to review and define actions
8. Enable 2-Way integration with ServiceNow CMDB
What is Global AssetView (GAV)? - CORRECT ANSWER A free asset management application that allows you to:
1. Obtain asset inventory across hybrid environments
2. View normalized and categorized hardware and software inventory information
3. Add custom tagging to automatically organize your assets and rank their criticality
4. Create and view customizable dashboards and widgets
5. Search any asset in seconds
What is CyberSecurity Asset Management (CSAM)? - CORRECT ANSWER CSAM provides all the features of GAV and some additional features:
1. Obtain enriched asset data - hardware & software lifecycles, license categories, and more
2. Perform bi-directional synchronization of asset data with your ServiceNow CMDB
3. Define and manage authorized and unauthorized software in your organization
4. Customize reporting to meet internal and external needs (e.g. standards compliance reporting)
5. Create alerts that can be sent via email, Slack, or PagerDuty to inform you about assets requiring attention
Hardware Lifecycle Stages: What is General Availability? - CORRECT ANSWER hardware is in production, available for purchase, or is supported.
Hardware Lifecycle Stages: What is End of Sale (EOS)? - CORRECT ANSWER means that the hardware is no longer sold by the vendor.
Hardware Lifecycle Stages: What is Obsolete (OBS) - End-of-Service - CORRECT ANSWER means that the hardware is no longer serviced via upgrades, patches, or maintenance.
For Asset Scanning, what is "Unidentified?" - CORRECT ANSWER This value is displayed when not enough data has been discovered or collected by Qualys to determine the asset's hardware or operating system.
For Asset Scanning, what should you do when an asset is "Unidentified?" - CORRECT ANSWER your vulnerability scans should be performed in an 'authenticated' mode. You should also check that network filtering devices allow scan traffic to pass.
For Asset Scanning, what is "Unknown" - CORRECT ANSWER This value appears when there is adequate data available to categorize the asset, but the asset itself is not cataloged.
For Asset Scanning, what should you do when an asset is "Unknown?" - CORRECT ANSWER catalogue the asset
CIS Control 1: Inventory and Control of Enterprise Assets - CORRECT ANSWER calls for the inventory, tracking, and correction of all enterprise assets. This includes end-user devices, portable & mobile devices, network devices, non-computing/Internet of Things (IoT) devices, and servers connected to your infrastructure physically, virtually, remotely, and within cloud environments. Unauthorized and unmanaged assets should be identified and then properly removed or remediated.
Qualys Passive Sensors - CORRECT ANSWER can be deployed as physical or virtual appliances. Working with TAPs and Switches throughout your network, passive sensors operate by sniffing network traffic sent to the Qualys platform for processing. Another essential benefit of Passive Sensor is helping you to identify the unmanaged assets throughout your network architecture.
Passive Sensors - CORRECT ANSWER can be deployed as a physical appliance or a virtual appliance.
3 different types of Container Sensors: General Sensor - CORRECT ANSWER This sensor scans images and containers on a single Docker host.
3 different types of Container Sensors: Registry Sensor - CORRECT ANSWER This sensor scans images in public and private Docker registries.
3 different types of Container Sensors: CI/CD Pipeline Sensor - CORRECT ANSWER This sensor, which is also referred to as a "Build" sensor, scans images within your DevOps CI/CD pipeline projects, allowing you to identify and correct vulnerable images during the build process.
Instrumentation - CORRECT ANSWER The process used to provide complete visibility of the application inside the container. The instrumentation is very lightweight and provides configurable data collection options with low or no impact on application containers. This process is automated by using an instrumenter service.