Designed to validate external attack surface discovery and monitoring skills, this exam focuses on identifying internet-facing assets, shadow IT, misconfigured cloud services, expired certificates, exposed APIs, and outdated software components. It evaluates a candidate’s ability to assess organizational digital footprint risks, configure continuous monitoring, interpret external scanning results, and prioritize remediation based on exploitability and business impact.
Typology: Exams
Question 1. Which component is NOT typically part of an external attack surface (EAS)?
A) IP addresses
B) Internal LAN switches
C) Open ports
D) Subdomains
Answer: B
Explanation: Internal LAN switches reside within the internal network and are not exposed to the internet, so they are not part of the EAS.

Question 2. What is the primary difference between an attack vector and an attack surface?
A) An attack vector is a method of exploitation; an attack surface is the collection of assets that can be attacked.
B) An attack surface is a single IP; an attack vector is a list of IPs.
C) An attack vector is only used in phishing; an attack surface is used in malware.
D) There is no difference; the terms are interchangeable.
Answer: A
Explanation: An attack vector describes how an adversary can reach a target, while the attack surface is the set of vulnerable points that can be targeted.

Question 3. Which of the following is a common use case for Attack Surface Management (ASM)?
A) Managing internal user passwords
B) Digital asset discovery
C) Configuring firewalls only
D) Writing secure code
Answer: B
Explanation: ASM helps discover and monitor digital assets exposed to the internet, making digital asset discovery a primary use case.

Question 4. In ASM, why is continuous monitoring important?
A) It reduces the need for any security staff.
B) It allows near‑real‑time identification of new or changed exposures.
C) It replaces vulnerability scanning entirely.
D) It only tracks internal network traffic.
Answer: B
Explanation: Continuous monitoring provides up‑to‑date visibility of the external attack surface, enabling rapid detection of changes.

Question 5. Which technique is considered passive data gathering for asset discovery?
A) Port scanning
B) DNS zone transfers
C) Shodan API queries
D) Credentialed host scanning
Answer: C
Explanation: Passive techniques like querying Shodan collect data without directly interacting with the target, unlike active scans.

D) Limiting discovery to one TLD.
Answer: C
Explanation: Shared hosting can cause multiple domains to resolve to the same IP, leading to over‑counting assets if not filtered.

Question 9. Tenable Attack Surface Management was formerly known as:
A) Tenable.io
B) Tenable.asm
C) Tenable.sc
D) Tenable.nessus
Answer: B
Explanation: The product was originally released as Tenable.asm before being rebranded to Tenable Attack Surface Management.

Question 10. What is the primary purpose of Tenable ASM’s “largest attack surface map”?
A) To display internal network topology.
B) To visualize all discovered external assets and their relationships.
C) To show only vulnerable assets.
D) To map user permissions.
Answer: B
Explanation: The map aggregates discovered external assets, showing how they connect and where exposure exists.

Question 11. Which feature of Tenable ASM enables rapid onboarding of new assets?
A) Manual CSV import only
B) Unlimited Top‑Level Domains (TLDs) for discovery
C) Fixed‑size asset inventory limit
D) Requirement for VPN access
Answer: B
Explanation: Supporting unlimited TLDs allows the platform to discover assets across any domain without pre‑configuration.

Question 12. In the Tenable ASM Administrator Interface, which section is used to view cloud‑specific sensor data?
A) Explore
B) Cloud Sensors
C) Inventory
D) Dashboard
Answer: B
Explanation: The Cloud Sensors tab provides visibility into sensors deployed in cloud environments.

Question 13. Which role in Tenable ASM would most likely have permission to create and manage exclusion rules?
A) Viewer
B) Auditor
C) Administrator

Question 16. How does Tenable ASM handle asset deletion?
A) Permanently erases data with no recovery.
B) Moves assets to a “Deleted Assets” view where they can be restored.
C) Sends the asset to an external archival system.
D) Requires a manual database purge.
Answer: B
Explanation: Deleted assets are retained in a soft‑deleted state, allowing restoration if needed.

Question 17. What is the function of “Suggested Domains” in Tenable ASM?
A) To recommend domains for purchase.
B) To verify and discover unknown domains related to existing assets.
C) To block malicious domains automatically.
D) To generate random domain names for testing.
Answer: B
Explanation: Suggested Domains provide potential related domains that may belong to the organization, aiding discovery.

Question 18. Which category of security risk is NOT explicitly defined by Tenable ASM?
A) Exposure risk
B) Compliance risk
C) Physical security risk
D) Technology risk
Answer: C
Explanation: Tenable ASM focuses on digital exposure, compliance, and technology risks, not physical security.

Question 19. How does Tenable ASM prioritize remediation efforts?
A) Alphabetically by asset name.
B) By combining asset metadata such as open ports, technology fingerprinting, and risk scores.
C) Randomly selecting assets.
D) Only based on asset age.
Answer: B
Explanation: The platform uses contextual metadata and risk scoring to rank assets for remediation.

Question 20. What does a “continuous data refresh” in Tenable ASM refer to?
A) Daily or bi‑weekly re‑collection of asset data to keep the inventory current.
B) A one‑time import of static data.
C) Manual updates by the user only.
D) Refreshing only the UI theme.
Answer: A
Explanation: Continuous refreshes ensure that the discovered attack surface reflects the latest changes.

Question 21. Which event type would trigger an “Attack Surface Change Alert” in Tenable ASM?

Question 24. In an integrated environment, what does “Asset Identification Characteristics” refer to?
A) The physical location of a server.
B) Unique fingerprints such as TLS certificates, open ports, and service banners used to match assets across tools.
C) The username of the asset owner.
D
Answer: B
Explanation: These characteristics help correlate the same asset across Tenable ASM, TVM, and other solutions.

Question 25. Which cloud provider does Tenable ASM support for keyless authentication?
A) AWS only
B) Azure only
C) Both AWS and Microsoft Azure
D
Answer: C
Explanation: Tenable ASM provides keyless (IAM role) integration for major cloud platforms, including AWS and Azure.

Question 26. What is the primary benefit of using Tenable ASM’s well‑documented API?
A) To manually edit the UI code.
B) To automate custom integrations and security workflows programmatically.
Answer: B
Explanation: The API enables developers to pull data, push configurations, and embed ASM insights into other tools.

Question 27. Which of the following best describes “Cloud Sensors” in Tenable ASM?
A) Physical devices placed in data centers.
B) Software agents that collect asset data from cloud service provider APIs.
C
Answer: B
Explanation: Cloud Sensors query cloud APIs to discover resources without installing agents on the workloads.

Question 28. How does Tenable ASM assist with brand protection?
A) By monitoring for misspelled domains and expired marketing URLs that could be abused.
B
Answer: A
Explanation: Detecting typo‑domains and stale assets helps prevent brand‑related phishing and fraud.

Question 29. In the context of M&A risk assessment, Tenable ASM helps by:
A) Providing a list of internal employee salaries.
B

Answer: A
Explanation: The certificate issuer can indicate third‑party services used by the asset, highlighting supply‑chain dependencies.

Question 33. What does the “Explore” tab in Tenable ASM primarily provide?
A) A list of internal firewall rules.
B
Answer: B
Explanation: Explore allows users to query and visualize assets, filters, and relationships across the attack surface.

Question 34. Which of the following is NOT a tag use case in Tenable ASM?
A) Categorizing assets by business unit.
B
Answer: B
Explanation: Tags are for categorization, not for directly triggering remediation actions.

Question 35. How can you reduce the number of false positives caused by shared hosting environments?
A) Apply exclusion rules for the entire IP range.
B
Answer: B
Explanation: Excluding known shared‑hosting IP ranges or using more granular fingerprinting helps reduce noise.

Question 36. Which of the following best describes “Technology Fingerprinting” in Tenable ASM?
A) Recording the MAC address of a device.
B
Answer: B
Explanation: Fingerprinting identifies software, frameworks, and services based on observable characteristics like banners and certificates.

Question 37. When configuring a subscription for change alerts, which frequency is recommended for high‑risk environments?
A) Weekly
B
Answer: B
Explanation: Near‑real‑time or daily alerts ensure rapid response to critical changes.

Question 38. Which of the following is a key benefit of unlimited TLD discovery in Tenable ASM?
A) It limits scanning to only .com domains.
B

Explanation: Cross‑checking assets against multiple data sources (DNS, WHOIS, CT logs) improves verification.

Question 42. In Tenable ASM, what is the purpose of “Automation Rules”?
A) To manually delete assets.
B
Answer: B
Explanation: Automation rules can automatically tag, exclude, or trigger alerts based on predefined conditions.

Question 43. Which of the following is a typical output format for exporting asset data from Tenable ASM?
A) .exe file
B
Answer: B
Explanation: CSV and JSON are common export formats for further analysis.

Question 44. How does Tenable ASM assist with compliance initiatives such as GDPR?
A) By encrypting all external traffic.
B
Answer: B
Explanation: It can locate assets that store personal data (PII) and assess their exposure, supporting compliance reporting.

Question 45. Which of the following best describes the “Suggested Domains” workflow?
A) Auto‑generating random domain names for testing.
B
Answer: B
Explanation: Suggested Domains are generated based on patterns and relationships to existing assets, prompting verification.

Question 46. Which Tenable product provides the core vulnerability scanning engine that can be leveraged by ASM?
A) Tenable.io Vulnerability Management (TVM)
B
Answer: A
Explanation: TVM (formerly Nessus) supplies the scanning capabilities that ASM can invoke for deeper analysis.

Question 47. What is the primary advantage of using “Keyless Authentication” for cloud integrations?
A) It eliminates the need to store static credentials.
B
Answer: A
Explanation: Keyless (IAM role) authentication improves security by using temporary, automatically rotated tokens.

Question 51. Which of the following is NOT a method for reducing false positives in ASM?
A) Correlating multiple data sources.
B
Answer: B
Explanation: Correlation improves confidence; ignoring data sources would increase false positives.

Question 52. How does Tenable ASM differentiate between “External” and “Internal” assets?
A) By IP address range classification (public vs. private).
B
Answer: A
Explanation: Public IPs are treated as external; private IPs are considered internal.

Question 53. Which of the following is an example of a “Technology” risk category in Tenable ASM?
A) Outdated SSL/TLS protocol versions.
B
Answer: B
Explanation: Technology risk relates to vulnerable software or misconfigurations like weak TLS.

Question 54. Which Tenable ASM feature helps in tracking the lifecycle of an asset from discovery to remediation?
A) Tags and automation rules.
B
Answer: A
Explanation: Tags can denote status, and automation rules can trigger actions as the asset moves through stages.

Question 55. Which of the following best explains “Passive DNS” as used in ASM?
A) Actively querying DNS servers for records.
B
Answer: B
Explanation: Passive DNS collects historical DNS resolution data from third‑party sensors without sending queries.

Question 56. What type of alert would you receive if a previously unknown subdomain is found pointing to a corporate IP?
A) Asset Deletion Alert
B
Answer: B
Explanation: This is a “New Asset” or “Change” alert indicating expanded exposure.

Question 57. Which of the following is a key metric for prioritizing remediation in ASM?
A) Number of internal users.
B