RAPID7 ACTUAL EXAM QUESTIONS WITH SOLUTIONS
2025 GRADED A+
✔✔Describe an ideal Site Strategy? (5) - ✔✔1. Is easy to manage
2. Makes sense to your organization
3. Achieves scanning goal/objectives
4. Aligns with change control requirements
5. Aligns with technical and business owners
✔✔What is a site? - ✔✔Collection of assets targeted for scanning:
➤ Target assets
➤ Scan template
➤ Scan engine(s)
➤ Schedules
➤ Alerts
➤ Credentials
✔✔How can assets be specified for sites? (2) - ✔✔1. IP Ranges
2. Asset Groups
✔✔What are the stages of Vulnerability Management Workflow? (4) - ✔✔1. Identify
2. Prioritize
3. Remediate
4. Validate
✔✔What are the options for Vulnerability Remediation Validation? (3) - ✔✔1. Post-
Remediation Validation Scan
2. Scan individual Asset
3. Custom Scan Template
✔✔What are the important Risk Strategies? (4) - ✔✔1. "Real Risk" - default, applies
exploit and exposure metrics to CVSSv2 base
2. "Temporal" - emphasizes time vulnerability known to exist
3. "TemporalPlus" - Also emphasizes age of vulnerability, but distinguishes been impact
with values of (P)artial or (N)one
4. "Weighted" - Emphasizes severity, number of instances, number of services on
asset, weight assigned to asset. Weighted risk score
✔✔What are the benefits of changing risk score strategy? (2) - ✔✔1. Gain a new
perspective on risk
, 2. Align with company security goals
✔✔What are the reasons for adding a vulnerability exception? (4) - ✔✔1. Compensating
Control
2. Acceptable Use
3. Acceptable Risk
4. False Positive
✔✔Will InsightVM still scan for "excepted" vulnerabilities? - ✔✔Yes
✔✔What functionality is added by pairing to the Insight Platform? (6) - ✔✔1. Dashboard
and Cards
2. Containers
3. Insight Agent
4. Remediation Projects
5. Automation
6. Goals & SLAs
✔✔What are the prerequisites for Insight Platform Activation? (5) - ✔✔1. Security
Console version 6.5.29 or later
2. Console not already activated on platform
3. Allowed URLs for data region (eu.exposure-analytics.insight.rapid7.com etc)
4. TCP-443 allowed on firewalls
5. Account created on insight.rapid7.com
✔✔What is the difference between a "Hosted" and a "Distributed" Scan Engine? -
✔✔Hosted Scan Engines are provided and managed by Rapid7
Distributed Scan Engines are hosted on company owned infrastructure (on-prem or
cloud)
✔✔What are the Scan Engine Placement Considerations? (8) - ✔✔1. Security Console
paired or direct to Insight Platform?
2. Firewalls
3. IDS/IPS
4. NAT
5. VPNs
6. Subnets
7. DMZs
8. ACLs
✔✔What are the scanning strategy goals? (6) - ✔✔1. Size of enterprise (# of scan
engines)
2. Geography (placement, configuration)
2025 GRADED A+
✔✔Describe an ideal Site Strategy? (5) - ✔✔1. Is easy to manage
2. Makes sense to your organization
3. Achieves scanning goal/objectives
4. Aligns with change control requirements
5. Aligns with technical and business owners
✔✔What is a site? - ✔✔Collection of assets targeted for scanning:
➤ Target assets
➤ Scan template
➤ Scan engine(s)
➤ Schedules
➤ Alerts
➤ Credentials
✔✔How can assets be specified for sites? (2) - ✔✔1. IP Ranges
2. Asset Groups
✔✔What are the stages of Vulnerability Management Workflow? (4) - ✔✔1. Identify
2. Prioritize
3. Remediate
4. Validate
✔✔What are the options for Vulnerability Remediation Validation? (3) - ✔✔1. Post-
Remediation Validation Scan
2. Scan individual Asset
3. Custom Scan Template
✔✔What are the important Risk Strategies? (4) - ✔✔1. "Real Risk" - default, applies
exploit and exposure metrics to CVSSv2 base
2. "Temporal" - emphasizes time vulnerability known to exist
3. "TemporalPlus" - Also emphasizes age of vulnerability, but distinguishes been impact
with values of (P)artial or (N)one
4. "Weighted" - Emphasizes severity, number of instances, number of services on
asset, weight assigned to asset. Weighted risk score
✔✔What are the benefits of changing risk score strategy? (2) - ✔✔1. Gain a new
perspective on risk
, 2. Align with company security goals
✔✔What are the reasons for adding a vulnerability exception? (4) - ✔✔1. Compensating
Control
2. Acceptable Use
3. Acceptable Risk
4. False Positive
✔✔Will InsightVM still scan for "excepted" vulnerabilities? - ✔✔Yes
✔✔What functionality is added by pairing to the Insight Platform? (6) - ✔✔1. Dashboard
and Cards
2. Containers
3. Insight Agent
4. Remediation Projects
5. Automation
6. Goals & SLAs
✔✔What are the prerequisites for Insight Platform Activation? (5) - ✔✔1. Security
Console version 6.5.29 or later
2. Console not already activated on platform
3. Allowed URLs for data region (eu.exposure-analytics.insight.rapid7.com etc)
4. TCP-443 allowed on firewalls
5. Account created on insight.rapid7.com
✔✔What is the difference between a "Hosted" and a "Distributed" Scan Engine? -
✔✔Hosted Scan Engines are provided and managed by Rapid7
Distributed Scan Engines are hosted on company owned infrastructure (on-prem or
cloud)
✔✔What are the Scan Engine Placement Considerations? (8) - ✔✔1. Security Console
paired or direct to Insight Platform?
2. Firewalls
3. IDS/IPS
4. NAT
5. VPNs
6. Subnets
7. DMZs
8. ACLs
✔✔What are the scanning strategy goals? (6) - ✔✔1. Size of enterprise (# of scan
engines)
2. Geography (placement, configuration)
