Qualys Web Application Scanning (EXAM 2023) Scored 80%

Document Content and Description Below

Qualys Web Application Scanning (EXAM 2023) Scored 80% The Malware Monitoring option should only be enabled for: (A) Applications with a "malware" tag (B) Internal facing applications (C) Exte ... rnal facing applications (D) Both internal and external facing applications ✔Ans✔ (C) External facing applications Where can you "Ignore" a vulnerability for a Web Application? (select two) (Choose all that apply) (A) Scorecard Report (B) Scan Report (C) Web Application Report (D) Detections Tab ✔Ans✔ (B) Scan Report (D) Detection Tab A Search List contains a list of: (A) Username/Password combinations (B) QIDs from the Qualys KnowledgeBase (C) Crawling hints (D) Common input parameters ✔Ans✔ (B) QIDs from the QualysBase When launching a Web Application Scan, you have the option to override some default settings. Which of the following options can NOT be overridden? (A) Option Profile (B) Crawl Scope (C) Scanner Appliance (D) Authentication Record ✔Ans✔ (D) Authentication Record What attack proxies can you integrate with Qualys WAS? (A) BURP (B) W3af (C) ZAP (D) WebScarab ✔Ans✔ (A) BURP How can you get your scan to follow a business workflow (such as a shopping cart transaction)? (A) Use a Selenium Script to record and replay the workflow (B) Use a Custom Authentication Record (C) Use a Crawl Exclusion List (D) Use DNS Override ✔Ans✔ (A) Use a Selenium Script to record and replay the workflow Using the "Crawling Hints" setting, WAS can crawl all links and directories found in: (select two) (Choose all that apply) (A) Index.html (B) Sitemap.xml (C) Robots.txt (D) default.css ✔Ans✔ (B) Sitemap.xml (C) Robots.txt The Explicit URLs to Crawl field may contain (select two): (Select all that apply) (A) URLs both inside and outside of the Crawl Scope (B) URLs outside of the Crawl Scope (C) URLs within the Crawl Scope (D) URLs not automatically discovered by WAS ✔Ans✔ (B) URLs outside of the Crawl Scope (D) URLs not automatically discovered by WAS Outside of the "Custom Contents" option, what preset Sensitive Content types can the Web Application Scanner detect? (select two) (Choose all that apply) (A) Passwords (B) Social Security Number (C) Driving License Number (D) Credit Card Number ✔Ans✔ (B) Social Security Number (D) Credit Card Number Using the Administration Utility, which of the following scan permissions can be assigned to a user role? (select three) (Choose all that apply) (A) Cancel WAS Scan (B) Delete WAS Scan (C) Update WAS Scan (D) Launch WAS Scan ✔Ans✔ (A) Cancel WAS Scan (B) Delete WAS Scan (D) Launch WAS Scan Which WAS feature uses a virtual machine farm to detect a potentially malicious script in a Web application? (A) Progressive Scanning (B) Malware Monitoring (C) Redundant Links (D) DNS Override ✔Ans✔ (B) Malware Monitoring Which technique would you use to build a report containing specifics on only your app's most severe vulnerabilities? (A) Add a Search List to the report (B) Add a Crawl Exclusion List to the report (C) Add a Brute Force List to the report (D) Add a Parameter Set to the report ✔Ans✔ (A) Add a Search List to the report Potential Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green ✔Ans✔ (C) Yellow Which of the following is NOT a valid vulnerability status? (A) Active (B) Re-opened (C) New (D) Fixed (E) Exploited ✔Ans✔ (E) Exploited If your application URL is: www.example.org/new/ , which of the of following links will be crawled if the Crawl Scope is set to "Limit to content at or below URL subdirectory"? (select two) (Choose all that apply) (A) www.example.org/existing (B) www.example.org (C)www.example.org/new/customers (D) www.example.org/new ✔Ans✔ (C)www.example.org/new/customers (D)www.example.org/new Which of the following scanning challenges can be overcome using the WAS Progressive Scanning feature? (select two) (Select all that apply) (A) Scanning a web application with hard-to-find links (B) Scanning a web application with tens of thousands of links (C) Scanning a web application with multiple IP addresses (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. ✔Ans✔ (B) Scanning a web application with tens of thousands of links (D) Scanning a web application that would normally exceed the amount of time available within a limited scanning window. Confirmed Web app vulnerabilities are color coded: (A) Blue (B) Red (C) Yellow (D) Green ✔Ans✔ (B) Red Where can you find the number of links crawled for an Application? (select two) (Choose all that apply) (A) View the "Links" column, in the "Scan Lists" tab (B) Check QID 150009 in the Scorecard Report (C) Check QID 150009 in the Scan Report (D) On the WAS Dashboard ✔Ans✔ (A) View the "Links" column, in the "Scan Lists" tab (C) Check QID 150009 in the Scan Report What technique does WAS use to automate the detection of Web application vulnerabilities? (A) Hashing (B) Stack Fingerprinting (C) Fault Injection (D) Covert Channels ✔Ans✔ (C) Fault Injection A Search List can be used to customize a (Select all the apply): (A) Web Application Scan (B) Scan Report (C) Crawl Exclusions List (D) Web Application Report ✔Ans✔ (A) Web Application Scan (B) Scan Report (D) Web Application Report Which WAS feature allows you to quickly change your Web Application's resolved IP address? (A) Malware Monitoring (B) Progressive Scanning (C) Redundant Links (D) DNS Override ✔Ans✔ (D) DNS Override Which of the following is NOT a WAS object you can tag? (A) Web Applications (B) Option Profiles (C) Reports (D) Scan Results ✔Ans✔ (D) Scan Results Which technique can WAS use to bypass authentication? (A) Custom Authentication Record (B) Burp Integration (C) Selenium Authentication Script (D) Header Injection ✔Ans✔ (D) Header Injection Which of the following scan parameters can NOT be configured in a WAS Option Profile? (A) Password Bruteforcing (B) Form Submission (C) Crawl Scope (D) Scan Intensity ✔Ans✔ (A) Password Bruteforcing The __________ is a staging area for Web applications discovered by scans in the Qualys Vulnerability Management (VM) application. (A) KnowledgeBase (B) Dashboard (C) Library (D) Catalog ✔Ans✔ (D) Catalog If your Web application URL is http://demo06.qualys.com, which Crawl Scope should you select in order to place http://www.fdic.gov in the application scope? (A) Limit at or below URL hostname (B) Limit to URL hostname and specified domains (C) Limit to URL hostname and specified subdomain (D) Limit to content located at or below URL subdirectory ✔Ans✔ (C) Limit to URL hostname and specified subdomain [Show More]

Last updated: 2 years ago

Preview 1 out of 8 pages