TENABLE VULNERABILITY MANAGEMENT
PROFESSIONAL EXAM BANK 250 ACCURATE
REAL EXAM QUESTIONS & ANSWERS With
Verified Answers and Rationales | Latest 2026 Update
| All Versions | Study Guide Included
SECTION 1: VULNERABILITY MANAGEMENT FUNDAMENTALS (Q1–35)
1. Which of the following best defines vulnerability management in
cybersecurity?
a) A process that only identifies vulnerabilities
b) A reactive measure after a breach
c) A comprehensive process of identifying, assessing, prioritizing, and
mitigating vulnerabilities
d) A tool that automatically fixes all security issues
Answer: c) A comprehensive process of identifying, assessing, prioritizing,
and mitigating vulnerabilities
Rationale: Vulnerability management is an ongoing, comprehensive process
that involves identifying, assessing, prioritizing, and mitigating security
vulnerabilities to reduce organizational risk.
2. What is the primary purpose of the vulnerability management lifecycle?
a) To automate software development
b) To continuously manage and mitigate security vulnerabilities
c) To replace incident response
d) To manage hardware inventory
Answer: b) To continuously manage and mitigate security vulnerabilities
Rationale: The vulnerability management lifecycle is designed to continuously
identify and mitigate vulnerabilities, ensuring ongoing security posture
improvement.
3. Which phase of the vulnerability management lifecycle involves assigning
a risk score to each identified weakness?
a) Asset discovery
b) Vulnerability assessment
c) Prioritization
d) Remediation
Answer: c) Prioritization
Rationale: Prioritization is the phase where risk scores (e.g., CVSS, VPR) are
assigned to determine which vulnerabilities to address first based on severity
and business impact.
4. After running a vulnerability scan, a company is sorting out the results
and determining the order in which vulnerabilities will be addressed. How is
the company most likely to make this determination?
a) Address vulnerabilities alphabetically by CVE name
b) Address vulnerabilities with the highest numeric CVSS scores and work
down the list
c) Address vulnerabilities in the order they were discovered
d) Address the oldest vulnerabilities first
Answer: b) Address vulnerabilities with the highest numeric CVSS scores and
work down the list
Rationale: Of the options given, ranking findings by CVSS score and working
down the list is the standard approach: the highest-scoring vulnerabilities are
treated as posing the greatest risk. In practice Tenable refines that order
with VPR, which weights a finding by whether it is actually being exploited, so
a medium-CVSS issue with a working exploit can outrank an unexploited critical.
5. In Tenable terminology, what does VPR stand for?
a) Vulnerability Performance Ratio
b) Vulnerability Priority Rating
c) Virtual Patch Repository
d) Verified Penetration Report
Answer: b) Vulnerability Priority Rating
Rationale: VPR is Tenable's dynamic risk rating, on a scale of 0.1 to 10. It
combines the technical impact of a vulnerability (derived from its CVSS impact
metrics) with threat intelligence such as exploit code maturity, threat
intensity and recency, and the age of the vulnerability, and it is recalculated
as the threat landscape changes. Asset criticality is not an input to VPR;
Tenable tracks it separately as the Asset Criticality Rating (ACR).
6. What does the "Exploitability" metric in Tenable's VPR calculation
consider?
a) Availability of a public exploit
b) The cost of remediation
c) The number of assets affected
d) The age of the vulnerability
Answer: a) Availability of a public exploit
Rationale: The exploitability component of VPR (Tenable calls it Exploit Code
Maturity) reflects whether a public exploit exists and how mature it is, from
unproven through proof of concept to functional and weaponized code. A mature
exploit raises the VPR and therefore the urgency of remediation.
7. Which CVSS metric measures the ease with which an attacker can exploit
a vulnerability?
a) Confidentiality Impact
b) Attack Vector
c) Scope
d) Base Score
Answer: b) Attack Vector
Rationale: Attack Vector (Network, Adjacent, Local, Physical) is one of the
CVSS exploitability metrics, alongside Attack Complexity, Privileges Required,
and User Interaction. It captures the context from which an attacker must
reach the vulnerable component: Network is the most exploitable and Physical
the least, and the metric directly scales the CVSS Exploitability sub-score.
8. What is the primary difference between a credentialed and a non-
credentialed scan?
a) Credentialed scans run faster
b) Credentialed scans require valid login credentials to the target host
c) Non-credentialed scans can detect only open ports
d) Non-credentialed scans can modify system files
Answer: b) Credentialed scans require valid login credentials to the target
host
Rationale: Credentialed scans authenticate to the target (for example over SSH
or SMB) and enumerate installed software, configuration, and patch levels
directly, giving deeper and more accurate results. Non-credentialed scans must
infer the state of the host from externally observable services, banners, and
responses, so they miss local-only issues and produce more false positives and
false negatives. A scan configured with credentials that fail to log in
silently degrades to non-credentialed results, so check that authentication
actually succeeded before trusting the patch findings.
10. A security manager requests a scan that identifies live hosts and open
ports without causing a denial-of-service condition. Which scan template
should be used to minimize impact?
a) Advanced Scan
b) Malware Scan