Qualys Web Application
Scanning (EXAM)|2024|38
Questions and Answers|
Verified|Already Passed
The Malware Monitoring option should only be enabled for:
(A) Applications with a "malware" tag
(B) Internal facing applications
(C) External facing applications
(D) Both internal and external facing applications - -(C) External facing
applications
-Where can you "Ignore" a vulnerability for a Web Application? (select
two) (Choose all that apply)
(A) Scorecard Report
(B) Scan Report
(C) Web Application Report
(D) Detections Tab - -(B) Scan Report
(D) Detection Tab
-A Search List contains a list of:
(A) Username/Password combinations
(B) QIDs from the Qualys KnowledgeBase
(C) Crawling hints
(D) Common input parameters - -(B) QIDs from the QualysBase
-When launching a Web Application Scan, you have the option to
override some default settings. Which of the following options can NOT
be overridden?
(A) Option Profile
(B) Crawl Scope
(C) Scanner Appliance
(D) Authentication Record - -(D) Authentication Record
-What attack proxies can you integrate with Qualys WAS?
(A) BURP
(B) W3af
(C) ZAP
(D) WebScarab - -(A) BURP
, -How can you get your scan to follow a business workflow (such as a
shopping cart transaction)?
(A) Use a Selenium Script to record and replay the workflow
(B) Use a Custom Authentication Record
(C) Use a Crawl Exclusion List
(D) Use DNS Override - -(A) Use a Selenium Script to record and replay
the workflow
-Using the "Crawling Hints" setting, WAS can crawl all links and
directories found in: (select two) (Choose all that apply)
(A) Index.html
(B) Sitemap.xml
(C) Robots.txt
(D) default.css - -(B) Sitemap.xml
(C) Robots.txt
-The Explicit URLs to Crawl field may contain (select two): (Select all
that apply)
(A) URLs both inside and outside of the Crawl Scope
(B) URLs outside of the Crawl Scope
(C) URLs within the Crawl Scope
(D) URLs not automatically discovered by WAS - -(B) URLs outside of the
Crawl Scope
(D) URLs not automatically discovered by WAS
-Outside of the "Custom Contents" option, what preset Sensitive
Content types can the Web Application Scanner detect? (select two)
(Choose all that apply)
(A) Passwords
(B) Social Security Number
(C) Driving License Number
(D) Credit Card Number - -(B) Social Security Number
(D) Credit Card Number
-Using the Administration Utility, which of the following scan
permissions can be assigned to a user role? (select three) (Choose all
that apply)
(A) Cancel WAS Scan
(B) Delete WAS Scan
(C) Update WAS Scan
(D) Launch WAS Scan - -(A) Cancel WAS Scan
(B) Delete WAS Scan
(D) Launch WAS Scan
Scanning (EXAM)|2024|38
Questions and Answers|
Verified|Already Passed
The Malware Monitoring option should only be enabled for:
(A) Applications with a "malware" tag
(B) Internal facing applications
(C) External facing applications
(D) Both internal and external facing applications - -(C) External facing
applications
-Where can you "Ignore" a vulnerability for a Web Application? (select
two) (Choose all that apply)
(A) Scorecard Report
(B) Scan Report
(C) Web Application Report
(D) Detections Tab - -(B) Scan Report
(D) Detection Tab
-A Search List contains a list of:
(A) Username/Password combinations
(B) QIDs from the Qualys KnowledgeBase
(C) Crawling hints
(D) Common input parameters - -(B) QIDs from the QualysBase
-When launching a Web Application Scan, you have the option to
override some default settings. Which of the following options can NOT
be overridden?
(A) Option Profile
(B) Crawl Scope
(C) Scanner Appliance
(D) Authentication Record - -(D) Authentication Record
-What attack proxies can you integrate with Qualys WAS?
(A) BURP
(B) W3af
(C) ZAP
(D) WebScarab - -(A) BURP
, -How can you get your scan to follow a business workflow (such as a
shopping cart transaction)?
(A) Use a Selenium Script to record and replay the workflow
(B) Use a Custom Authentication Record
(C) Use a Crawl Exclusion List
(D) Use DNS Override - -(A) Use a Selenium Script to record and replay
the workflow
-Using the "Crawling Hints" setting, WAS can crawl all links and
directories found in: (select two) (Choose all that apply)
(A) Index.html
(B) Sitemap.xml
(C) Robots.txt
(D) default.css - -(B) Sitemap.xml
(C) Robots.txt
-The Explicit URLs to Crawl field may contain (select two): (Select all
that apply)
(A) URLs both inside and outside of the Crawl Scope
(B) URLs outside of the Crawl Scope
(C) URLs within the Crawl Scope
(D) URLs not automatically discovered by WAS - -(B) URLs outside of the
Crawl Scope
(D) URLs not automatically discovered by WAS
-Outside of the "Custom Contents" option, what preset Sensitive
Content types can the Web Application Scanner detect? (select two)
(Choose all that apply)
(A) Passwords
(B) Social Security Number
(C) Driving License Number
(D) Credit Card Number - -(B) Social Security Number
(D) Credit Card Number
-Using the Administration Utility, which of the following scan
permissions can be assigned to a user role? (select three) (Choose all
that apply)
(A) Cancel WAS Scan
(B) Delete WAS Scan
(C) Update WAS Scan
(D) Launch WAS Scan - -(A) Cancel WAS Scan
(B) Delete WAS Scan
(D) Launch WAS Scan
