This exam evaluates understanding of Tenable's vulnerability management solutions such as Tenable.io and Tenable.sc. It includes vulnerability scanning configuration, asset discovery, scanning policies, remediation workflows, dashboards, analytics, risk scoring, and integration with SIEM/SOAR. Learners practice prioritizing vulnerabilities using CVSS, VPR, and contextual risk models.
Typology: Exams
Question 1. Which phase of the vulnerability management lifecycle involves assigning a risk score to each identified weakness?
A) Asset discovery
B) Vulnerability assessment
C) Prioritization
D) Remediation
Answer: C
Explanation: Prioritization assigns risk scores (e.g., CVSS, VPR) to decide which vulnerabilities to address first.

Question 2. In Tenable terminology, what does VPR stand for?
A) Vulnerability Performance Ratio
B) Vulnerability Priority Rating
C) Virtual Patch Repository
D) Verified Penetration Report
Answer: B
Explanation: VPR is Tenable’s proprietary rating that combines exploitability, asset criticality, and vulnerability severity.

Question 3. Which Tenable product is a SaaS‑based vulnerability management platform?
A) Nessus Professional
B) Tenable.sc
C) Tenable.io
D) Tenable.ot
Answer: C
Explanation: Tenable.io is Tenable’s cloud‑native (SaaS) vulnerability management solution.

Question 4. Which component is responsible for pulling vulnerability data from on‑premise assets into Tenable.io?
A) Connectors
B) Agents
C) Scanners
D) Dashboards
Answer: A
Explanation: Connectors integrate external data sources (e.g., cloud APIs) into Tenable.io.

Question 5. What is the primary difference between a credentialed and a non‑credentialed scan?
A) Credentialed scans run faster.
B) Credentialed scans require valid login credentials to the target host.
C) Non‑credentialed scans can detect only open ports.
D) Non‑credentialed scans can modify system files.
Answer: B
Explanation: Credentialed scans log into the target to assess configuration and installed software, providing deeper insight.
D) Credential cache
Answer: B
Explanation: Parallelism controls how many concurrent connections a scan can open.

Question 9. Which Tenable.io feature allows you to view the “exposure visibility” of an asset across multiple scan sources?
A) Asset List
B) Lumin Risk Dashboard
C) Plugin Rules
D) Compliance Check
Answer: B
Explanation: The Lumin Risk Dashboard aggregates data from all sources to show exposure visibility.

Question 10. In Tenable.sc, what is the purpose of a “Dynamic Asset Group”?
A) To manually add assets one by one.
B) To automatically include assets that meet defined criteria (e.g., OS = Windows).
C) To store scan results permanently.
D) To export assets to CSV.
Answer: B
Explanation: Dynamic Asset Groups update automatically as assets meet or stop meeting the defined filters.
Question 11. Which CVSS metric measures the ease with which an attacker can exploit a vulnerability?
A) Confidentiality Impact
B) Attack Vector
C) Scope
D) Base Score
Answer: B
Explanation: Attack Vector (network, adjacent, local, physical) reflects exploitability.

Question 12. What does the “Plugin Family” attribute in Nessus indicate?
A) The operating system of the target.
B) The category of vulnerability the plugin detects.
C) The version of Nessus used.
D) The scan speed.
Answer: B
Explanation: Plugin families group plugins by type (e.g., Windows, Web Servers) for easier management.

Question 13. Which Tenable product provides continuous compliance checks against CIS Benchmarks?
A) Nessus Essentials
B) Tenable.io
C) Tenable.sc
D) Tenable.ot
A) To automatically patch vulnerable software.
B) To provide step‑by‑step instructions for fixing a finding.
C) To delete vulnerable files.
D) To restart the scanner.
Answer: B
Explanation: Remediation scripts give administrators actionable commands to resolve findings.

Question 17. Which Tenable feature allows you to import external vulnerability data (e.g., from a third‑party scanner) into the platform?
A) Data Connector
B) Plugin Override
C) Asset Import API
D) Scan Import
Answer: D
Explanation: Scan Import lets you bring in scan results from other tools for correlation.

Question 18. In Tenable Lumin, what does the “Exposure Score” represent?
A) The number of assets affected.
B) The monetary cost of a breach.
C) The likelihood that a vulnerability will be exploited on a specific asset.
D) The total number of open ports.
Answer: C
Explanation: Exposure Score combines vulnerability severity, exploitability, and asset criticality.

Question 19. Which of the following is a recommended practice for reducing false positives in credentialed scans?
A) Increase scan timeout.
B) Use a privileged account with minimal rights.
C) Disable plugin families unrelated to the target.
D) Run scans only on weekends.
Answer: C
Explanation: Disabling irrelevant plugin families reduces noise and false positives.

Question 20. What is the default port used by Nessus Manager to communicate with Nessus scanners?
A) 8834
B) 443
C) 8443
D) 22
Answer: A
Explanation: Port 8834 is the default HTTPS port for the Nessus web interface and manager‑scanner communication.

Question 21. Which Tenable.io component stores the raw vulnerability data before it is processed for reporting?
A) Data Lake
Explanation: Passive scanning listens to network traffic, revealing services without active probing.

Question 24. What does the “Criticality Rating” (ACR) in Tenable Lumin describe?
A) The severity of a vulnerability.
B) The business importance of an asset.
C) The number of open ports on a host.
D) The age of the asset.
Answer: B
Explanation: ACR reflects how critical an asset is to the organization, influencing risk calculations.

Question 25. Which Tenable product is specifically designed for operational technology (OT) environments?
A) Tenable.io
B) Tenable.sc
C) Tenable.ot
D) Nessus Professional
Answer: C
Explanation: Tenable.ot focuses on visibility and risk management for industrial control systems.

Question 26. When configuring a Tenable.io scan, which option determines whether the scanner follows redirects on web pages?
A) Follow HTTP redirects
B) Enable JavaScript rendering
C) Use SSL verification
D) Depth of crawl
Answer: A
Explanation: “Follow HTTP redirects” tells the web scanner to continue scanning after a redirect response.

Question 27. Which type of Tenable plugin would you use to check for missing patches on a Windows host?
A) Configuration audit plugin
B) Patch management plugin
C) Credentialed login plugin
D) Malware detection plugin
Answer: B
Explanation: Patch management plugins enumerate installed updates and compare them to known patches.

Question 28. In Tenable.io, what is the function of the “Asset Explorer” view?
A) To edit scan policies.
B) To visualize relationships between assets, vulnerabilities, and tags.
C) To schedule scans.
D) To manage user permissions.
Answer: B
B) CIS Benchmarks
C) DISA STIGs
D) GDPR
Answer: C
Explanation: DISA Security Technical Implementation Guides (STIGs) are the DoD’s baseline.

Question 32. In Tenable.sc, what does the “Scan Schedule” option “Continuous” imply?
A) The scan runs once per day.
B) The scan runs on a fixed hourly interval.
C) The scanner continuously monitors the target without stopping.
D) The scan runs only when triggered manually.
Answer: C
Explanation: “Continuous” mode keeps the scanner active, collecting data in near‑real time.

Question 33. Which of the following is a primary benefit of using Nessus agents on cloud VMs?
A) They eliminate the need for network connectivity.
B) They reduce scan times by performing local checks.
C) They replace the need for a central scanner.
D) They provide full credentialed scans without any credentials.
Answer: B
Explanation: Agents run locally on the VM, gathering data quickly and sending results back, reducing network‑based scan time.

Question 34. Which Tenable.io report format is best suited for automated ingestion into a SIEM system?
A) PDF
B) CSV
C) JSON
D) HTML
Answer: C
Explanation: JSON is structured and easily parsed by SIEMs for automated processing.

Question 35. What does the “Exploitability” metric in Tenable’s VPR calculation consider?
A) Availability of a public exploit.
B) The cost of remediation.
C) The number of assets affected.
D) The age of the vulnerability.
Answer: A
Explanation: Exploitability reflects whether a public exploit exists and its maturity.

Question 36. In Tenable.sc, which role provides read‑only access to dashboards and reports but cannot modify scan policies?
A) Administrator
B) Analyst
Question 39. Which Tenable feature allows you to suppress a specific vulnerability for a defined period?
A) Exclusion List
B) Asset Tagging
C) Plugin Override
D) Scan Policy
Answer: C
Explanation: Plugin Override can be used to suppress or modify the severity of a specific plugin result.

Question 40. What is the primary purpose of “Asset Criticality Rating” (ACR) in Tenable Lumin?
A) To rank vulnerabilities by CVSS score.
B) To weight risk based on business impact of the asset.
C) To indicate the number of open ports.
D) To show the age of the operating system.
Answer: B
Explanation: ACR reflects how essential an asset is to the organization, influencing the overall risk score.

Question 41. Which scan type is most appropriate for discovering services on a network segment that blocks ICMP?
A) Ping sweep
B) TCP SYN scan on common ports
C) UDP broadcast scan
D) ARP scan
Answer: B
Explanation: TCP SYN scans on well‑known ports can discover services when ICMP is filtered.

Question 42. In Tenable.io, what does the “Compliance Dashboard” display?
A) Vulnerability severity distribution.
B) Results of policy compliance checks versus standards.
C) Network topology maps.
D) License usage statistics.
Answer: B
Explanation: The Compliance Dashboard visualizes compliance status against selected frameworks.

Question 43. Which of the following is a recommended step before deploying Nessus agents to production systems?
A) Disable all firewalls.
B) Verify the agent can reach the manager on port 8834.
C) Install the latest Windows Service Pack only.
D) Change the default admin password on the manager.
Answer: B
A) Tenable.io stores data on‑premises, Tenable.sc in the cloud.
B) Tenable.io uses a cloud Data Lake, Tenable.sc stores data locally in a database.
C) Both store data only in CSV files.
D) Tenable.sc does not store historical data.
Answer: B
Explanation: Tenable.io’s Data Lake is cloud‑based, while Tenable.sc retains data in an on‑premises PostgreSQL database.

Question 47. In a credentialed Windows scan, which account type provides the most comprehensive results?
A) Local user with limited rights.
B) Domain admin.
C) Guest account.
D) Service account with read‑only rights.
Answer: B
Explanation: A domain admin can access all system resources, ensuring full coverage of configuration checks.

Question 48. Which Tenable plugin family would you enable to detect outdated Java installations?
A) Java
B) Web Servers
C) Application Servers
D) Operating Systems
Answer: A
Explanation: The Java plugin family specifically checks for vulnerable Java versions.

Question 49. What is the purpose of the “Asset Export” function in Tenable.io?
A) To delete assets.
B) To download a list of assets and their tags for external processing.
C) To import new assets from a CSV file.
D) To schedule a scan.
Answer: B
Explanation: Asset Export creates a file (CSV/JSON) containing asset details for use outside Tenable.

Question 50. Which of the following best describes “Risk Recasting” in Tenable Lumin?
A) Adjusting vulnerability scores based on business context.
B) Changing the scan schedule.
C) Deleting old scan data.
D) Updating plugin feeds.
Answer: A
Explanation: Risk recasting modifies risk calculations using custom business rules and asset importance.

Question 51. When configuring a Tenable.sc scan, which option enables the scanner to automatically retry failed hosts?