







































QUALYS PATCH MANAGEMENT 2026 QUESTION COLLECTION ENDPOINT SECURITY AND PATCH COMPLIANCE MODULE SOLVED ITEMS AND RESPONSE KEY
Typology: Exams








































◉ What is patch management? Answer: The process of identifying, testing, and deploying OS and application updates.
◉ What is an allow list? Answer: A security configuration where access is denied to any entity unless it is explicitly listed as permitted.
◉ What is a block list? Answer: A security configuration where access is permitted unless the entity is explicitly listed as prohibited.
◉ What is the primary goal of operating system security? Answer: To protect against unauthorized access, data breaches, malware, and other security threats.
◉ What does 'hardening' mean in the context of an OS? Answer: Changing an OS or application to make it operate more securely.
◉ What is the principle of least functionality? Answer: A system should run only the protocols and services required by legitimate users to reduce the attack surface.
◉ What should be done with unused network interfaces? Answer: They should be explicitly disabled rather than left unused.
◉ How should unused services be handled? Answer: They should be disabled to minimize potential security risks.
◉ What is the purpose of application service ports? Answer: They allow client software to connect to applications over a network.
◉ What is a recommended security practice for application service ports? Answer: Disable or block them at a firewall if remote access is not required.
◉ What is the role of disk encryption? Answer: It is essential for securing data at rest within persistent storage.
◉ Why do workstations have a larger attack surface than other devices? Answer: Because they perform varied tasks and run numerous applications.
◉ How are patches typically handled in residential networks? Answer: Hosts are usually configured to check for and install patches automatically.
◉ What is a potential issue with having multiple applications running their own update clients? Answer: It can lead to performance and management issues on the same host.
◉ What is a baseline in device hardening? Answer: A standard set of guidelines or checklists for configuring devices securely.
◉ What is the main risk of over-hardening a system? Answer: It can negatively impact the functionality and usability of applications.
◉ What should an intrusion detection system do regarding nonstandard network data? Answer: Detect data that does not conform to the expected protocol format.
◉ What is a key consideration when creating an endpoint protection deployment plan? Answer: Determining the deployment order and using stages to limit potential disruptions.
◉ What are the four classifications of patches mentioned? Answer: Critical, security-critical, recommended, and optional.
◉ What is the primary benefit of using an enterprise patch management suite? Answer: It mitigates performance and management issues caused by multiple applications running individual update clients on the same host.
◉ Why is testing patches before deployment critical? Answer: To ensure stability, identify conflicts, prevent new vulnerabilities, and avoid disrupting critical operations.
◉ What is the recommended approach for creating a testing environment? Answer: Building an environment that mirrors the production environment as much as appropriate.
◉ What should be done for legacy or IoT systems that cannot be easily patched? Answer: Implement compensating controls or other forms of risk mitigation.
◉ What is the purpose of access control? Answer: To regulate and manage permissions granted to individuals, software, systems, and networks to access resources.
◉ What are Access Control Lists (ACLs) used for in networks? Answer: To filter or forward network traffic based on criteria like source/destination IP addresses, ports, or protocols.
◉ What is a block list in the context of execution control? Answer: A policy that generally allows execution but explicitly prohibits listed processes.
◉ What must precede a shift from a block-list model to an allow-list model? Answer: A risk assessment and business impact analysis, as the change can be highly disruptive.
◉ What is the role of monitoring in endpoint hardening? Answer: To enforce security measures and detect changes that weaken the hardened configuration.
◉ What might an unexpected change in a port or service status indicate during monitoring? Answer: A potential security breach.
◉ What is configuration enforcement? Answer: Methods used to ensure systems and devices adhere to mandatory security configurations.
◉ What are standardized configuration baselines? Answer: Benchmarks for how systems should be configured, often defined by organizations like NIST or CIS.
◉ What is the purpose of automated configuration management tools? Answer: To apply and maintain standardized configuration baselines across an environment automatically.
◉ Why is a change management process necessary for configuration enforcement? Answer: To ensure changes are properly reviewed, tested, and approved before implementation.
◉ Why is a systematic decommissioning process important for security? Answer: To ensure residual data is securely erased and to prevent exploitation of old configurations.
◉ What steps should be taken during the decommissioning of a device? Answer: Securely erase/overwrite data, reset to factory settings, and update inventory records.
◉ What are two fundamental practices for strengthening an endpoint's security posture? Answer: Changing default passwords and removing unnecessary software.
◉ How does monitoring support compliance? Answer: By providing regular reports on the status of endpoint devices to verify that hardening baselines are deployed and maintained.
◉ Which tools provide full disk encryption for Windows and macOS? Answer: BitLocker for Windows and FileVault for macOS.
◉ What is the purpose of Removable Media Encryption? Answer: To ensure data remains protected even when physically removed from the device via media like SD cards or USB drives.
◉ How do VPNs enhance endpoint security? Answer: They provide a secure tunnel for data transmission that protects against eavesdropping and on-path attacks.
◉ What protocols are commonly used for email encryption? Answer: PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions).
◉ Define a shared folder. Answer: A folder whose contents are available over the network.
◉ What is Network-Attached Storage (NAS)? Answer: A standalone storage device or appliance that acts as a file server.
◉ What is a Storage Area Network (SAN)? Answer: A special network composed of high-speed storage shared by multiple servers.
◉ What protocol is a common target for attacks on file servers? Answer: The NetBIOS protocol.
◉ Which NetBIOS ports should be closed on a file server to enhance security? Answer: Ports 135 and 137-139.
◉ What is an administrative share? Answer: A hidden shared folder available only to administrative users.
◉ How can you create a hidden share in Windows? Answer: By appending a $ sign to the end of the share name.
◉ What is the difference between a hard limit and a soft limit in FSRM quotas? Answer: A hard limit prevents exceeding the quota, while a soft limit sends a message when the limit is exceeded.
◉ What is the difference between an active and passive file screen? Answer: An active file screen prevents saving specified file types, while a passive screen monitors when they are added.
◉ Define the principle of least privilege. Answer: Granting a principal the minimum possible sufficient rights to complete an authorized task.
◉ What is provisioning? Answer: The process of setting up a service or user account according to a standard procedure or best practice checklist.
◉ What is the primary goal of teaching policy awareness to employees? Answer: To ensure they are aware of security policies, risks, and policies for personal use of IT assets.
◉ What should be done with accounts granted privileged access? Answer: They should be tagged for close monitoring.
◉ What is deprovisioning? Answer: The process of removing access rights and permissions when an employee leaves or a project ends.
◉ What is the risk of anonymous login in FTP? Answer: It allows unrestricted access to the FTP server.
◉ How are logon credentials transmitted in standard FTP? Answer: In cleartext, making them vulnerable to capture by sniffers.
◉ Which ports does FTP use for control and data transfer? Answer: Port 21 for control information and port 20 for data transfer.
◉ What are the primary security limitations of TFTP? Answer: It provides no authentication, encryption, or error detection.
◉ Which protocol uses SSH1 to secure file transfers? Answer: Secure Copy Protocol (SCP).
◉ Which protocol uses SSH2 to secure file transfers? Answer: Secure Shell File Transfer Protocol (SFTP).
◉ What is FTPS? Answer: A protocol that adds SSL or TLS to FTP to secure credentials and encrypt data.
◉ What is an ACL in file system security? Answer: An access control list containing a list of accounts and their permissions for a resource.
◉ What are the three basic Linux file permissions? Answer: Read (r), Write (w), and Execute (x).
◉ In Linux, what does the 'w' permission allow? Answer: The ability to save changes to a file or create, rename, and delete files in a directory.
◉ What command is used to modify file permissions in Linux? Answer: The chmod command.
◉ What is the relationship between Allow and Deny permissions? Answer: Deny permissions override Allow permissions.
◉ What is a common strategy for combining Share and NTFS permissions? Answer: Assign Co-owner share permissions to Everyone and use NTFS permissions to control access.
◉ What protocol is used to tunnel FTP traffic through an SSH tunnel? Answer: Secure FTP (FTP over SSH).
◉ What type of list do both Share and NTFS permissions use to control access? Answer: A discretionary access control list (DACL).
◉ What is the principle of least privilege in the context of NTFS permissions? Answer: Assigning permissions only to necessary groups and only the minimum permissions required for those groups.
◉ How do NTFS permissions interact with share permissions? Answer: Even if share permissions are set to Everyone, only users or groups with specific NTFS permissions will have access.
◉ What is the purpose of iptables in Linux? Answer: A firewall command line utility that uses three policy chains to allow or block network traffic.
◉ What is physical device port hardening? Answer: Restricting physical interfaces (like USB or HDMI) on a device to reduce potential avenues of physical attack.
◉ How can UEFI/BIOS settings be used for port hardening? Answer: By disabling physical ports or requiring a password to boot from nonstandard sources like USB drives.
◉ What is the risk of using unknown USB devices according to the BadUSB research? Answer: Firmware can be reprogrammed to spoof other device classes, such as keyboards for keystroke injection or network devices for traffic redirection.
◉ What is a 'sheep dip' in cybersecurity? Answer: A sandboxed lab system used to observe suspicious devices for malicious behavior before connecting them to a production network.
◉ What is the primary defense against USB-based malware infection? Answer: Configuring hosts to prevent autorun when USB devices are attached.
◉ What are logical ports? Answer: Software-based communication features that enable data exchange between applications or services.
◉ What is the command to disable a service in Linux? Answer: systemctl disable servicename.
◉ Which utility is used to scan for open TCP and UDP ports on a system? Answer: nmap.
◉ What is the nmap command to scan for TCP ports? Answer: nmap
◉ What should you check before disabling a service? Answer: Whether the service is a dependency for another required service.
◉ What is the command to stop a service immediately in Linux? Answer: systemctl stop servicename.
◉ How can you identify if permission inheritance is in effect on Windows? Answer: By checking the Advanced Security settings for the file or folder.
◉ What command stops a service in Linux? Answer: systemctl stop servicename
◉ What command disables a service from starting automatically? Answer: systemctl disable servicename
◉ What is a network socket? Answer: An endpoint of a bi-directional communication flow across a computer network
◉ What does the netstat option -a do? Answer: Lists both listening and non-listening sockets
◉ What does the netstat option -l do? Answer: Lists only listening sockets