1. What HTTP method(s) are supported for Form Submissions in the Option Profile? (select two)
Choose an answer:
HEAD
OPTIONS
GET
POST
2. The __________ is a staging area for Web applications discovered by scans in the Qualys Vulnerability Management (VM) application.
Choose an answer:
KnowledgeBase
Dashboard
Library
Catalog
3. What technique does WAS use to automate the detection of Web application vulnerabilities?
Choose an answer:
Hashing
Stack Fingerprinting
Fault Injection
Covert Channels
4. Which of the following is NOT a WAS object you can tag?
Choose an answer:
Web Applications
Option Profiles
Reports
Scan Results
5. The Malware Monitoring option should only be enabled for:
Choose an answer:
Applications with a “malware” tag
Internal facing applications
External facing applications
Both internal and external facing applications
6. When launching a Web Application Scan, you have the option to override some default settings. Which of the following options can NOT be overridden?
Choose an answer:
Option Profile
Crawl Scope (this might be right)
Scanner Appliance
Authentication Record
7. What attack proxies can you integrate with Qualys WAS?
Choose an answer:
BURP
W3af
ZAP
WebScarab
8. Which WAS feature will help you avoid scanning common links too many times?
Choose an answer:
Redundant Links
Malware Monitoring
Header Injection
DNS Override
9. The Explicit URLs to Crawl field may contain (select two):
Choose an answer:
URLs both inside and outside of the Crawl Scope
URLs outside of the Crawl Scope
URLs within the Crawl Scope
URLs not automatically discovered by WAS
10. What are your options for applications found in your Catalog? (select three)
Choose an answer:
Mark as Rogue
Mark as Scanned
Mark as Approved
Add to Subscription
11. Which Form Submission method will only test login forms?
Choose an answer:
NONE
POST & GET
GET
POST
12. A Search List contains a list of:
Choose an answer:
Username/Password combinations
QIDs from the Qualys KnowledgeBase
Crawling hints
Common input parameters
13. Which technique can WAS use to bypass authentication?
Choose an answer:
Custom Authentication Record
Burp Integration
Selenium Authentication Script
Header Injection
14. Which WAS feature uses a virtual machine farm to detect a potentially malicious script in a Web application?
Choose an answer:
Progressive Scanning
Malware Monitoring
Redundant Links
DNS Override
15. Potential Web app vulnerabilities are color coded:
Choose an answer:
Blue
Red
Yellow
Green
16. If the Web application URL is http://demo06.qualys.com, which Crawl Scope should you select in order to keep http://training.demo06.qualys.com in the application scope?
Choose an answer:
Limit to URL hostname and specified subdomain
Limit at or below URL hostname
Limit to URL hostname and specified domains
Limit to content located at or below URL subdirectory
17. Which of the following scanning challenges can be overcome using the WAS Progressive Scanning feature? (select two)
Choose an answer:
Scanning a web application with hard-to-find links
Scanning a web application with tens of thousands of links
Scanning a web application with multiple IP addresses
Scanning a web application that would normally exceed the amount of time available within a limited scanning window.
18. Which of the following Crawl Exclusion Lists can be generated using a WAS Application Sitemap? (select two)
Choose an answer:
White List
Black List
Post Data Black List
Logout regular expression
19. What happens when you use the “Remove Web Assets” feature? (select two)
Choose an answer:
WAS purges (deletes) all of your application data for the removed application
A final web application scan is performed before purging the application
The application is removed from your WAS subscription
All application data is saved in the WAS catalog
20. Which of the following is NOT a valid vulnerability status?
Choose an answer:
Active
Re-opened
New
Fixed
Exploited
21. Using the "Crawling Hints" setting, WAS can crawl all links and directories found in: (select two)
Choose an answer:
Index.html
Sitemap.xml
Robots.txt
default.css
22. A Search List can be used to customize a (select all that apply):
Choose an answer:
Web Application Scan
Scan Report
Crawl Exclusions List
Web Application Report
23. If your application URL is www.example.org/new/, which of the following links will be crawled if the Crawl Scope is set to "Limit to content at or below URL subdirectory"? (select two)
Choose an answer:
www.example.org/existing
www.example.org
www.example.org/new/customers
www.example.org/new
24. Using the Administration Utility, which of the following scan permissions can be assigned to a user role? (select three)
Choose an answer:
Cancel WAS Scan
Delete WAS Scan
Update WAS Scan
Launch WAS Scan
25. Confirmed Web app vulnerabilities are color coded:
Choose an answer:
Red
Green
Blue
Yellow
26. Where can you “Ignore” a vulnerability for a Web Application? (select two)
Choose an answer:
Scorecard Report
Scan Report
Web Application Report
Detections Tab
27. What is the max number of hours a scan can continue on WAS before it times out?
Choose an answer:
16 hours
4 hours
24 hours
48 hours
28. In Qualys WAS, you can schedule (select two):
Choose an answer:
Reports
BURP scans
Maps
Scans
29. Which WAS feature allows you to quickly change your Web Application’s resolved IP address?
Choose an answer:
Malware Monitoring
Progressive Scanning
Redundant Links
DNS Override
30. How can you get your scan to follow a business workflow (such as a shopping cart transaction)?
Choose an answer:
Use a Selenium Script to record and replay the workflow
Use a Custom Authentication Record
Use a Crawl Exclusion List
Use DNS Override