This practice exam is designed to validate a candidate’s understanding of Tenable Vulnerability Management fundamentals, including asset discovery, vulnerability scanning, assessment workflows, prioritization algorithms, and remediation reporting. It evaluates knowledge of scanning configuration, credentialed scanning best practices, cloud-based agent deployment, dashboard analytics, exposure scoring, and integration with ticketing or SIEM tools. The exam also assesses proficiency in interpreting scan results, designing efficient vulnerability management programs, and utilizing Tenable’s continuous visibility capabilities to support compliance and risk reduction.
Typology: Exams
Question 1. Which phase of the vulnerability management lifecycle focuses on assigning risk scores to identified weaknesses?
A) Identification
B) Assessment
C) Prioritization
D) Mitigation
Answer: C
Explanation: Prioritization evaluates the severity and business impact of each vulnerability to rank remediation effort.

Question 2. In Tenable.io, what component is primarily responsible for performing credentialed scans on remote hosts?
A) Nessus Agent
B) Tenable Lumin
C) Tenable OT
D) Tenable Core
Answer: A
Explanation: Nessus Agents run on the target system itself and report results to Tenable.io, so authenticated checks execute locally and no credentials are passed over the network.

Question 3. Which of the following best describes the difference between a vulnerability assessment and a penetration test?
A) Assessments use only credentialed scans, tests use only non‑credentialed scans.
B) Assessments identify known weaknesses; tests attempt to exploit them.
C) Assessments are manual, tests are fully automated.
D) Assessments focus on compliance, tests focus on performance.
Answer: B
Explanation: A vulnerability assessment catalogs known issues, while a penetration test validates exploitability.

Question 4. The CVSS base score primarily reflects which aspect of a vulnerability?
A) Exploit availability in the wild
B) Impact on confidentiality, integrity, and availability
C) Frequency of patch releases
D) Vendor reputation
Answer: B
Explanation: CVSS base metrics capture the intrinsic, environment-independent characteristics of a vulnerability: how it is exploited (attack vector, complexity, privileges required, user interaction) and its impact on confidentiality, integrity, and availability. Exploit availability belongs to the Temporal metrics and organization-specific business context to the Environmental metrics.

Question 5. Which Tenable product provides a cloud‑based, multi‑tenant platform for continuous vulnerability monitoring?
A) Tenable.sc
B) Tenable.io
C) Nessus Professional
D) Tenable.ot
Answer: B
Explanation: Tenable.io is the SaaS offering delivering continuous scanning and reporting across tenants.

Question 6. In Tenable.sc, what term is used for a logical grouping of assets based on shared attributes such as OS or IP range?
A) Asset Tag

Question 9. What is the primary advantage of using Nessus Agents on laptops that frequently connect to different networks?
A) Agents increase scan speed on the network.
B) Agents eliminate the need for open ports on the laptop.
C) Agents provide real‑time patch installation.
D) Agents replace credentialed scans.
Answer: B
Explanation: Agents assess the host locally and push results outbound to Tenable.io, so the laptop needs no inbound listening ports and is covered wherever it happens to connect.

Question 10. Which scan template in Tenable.io is optimized for scanning web applications and includes OWASP checks?
A) Basic Network Scan
B) Advanced Scan
C) Web Application Scan (WAS)
D) Compliance Scan
Answer: C
Explanation: The WAS template focuses on web‑specific vulnerabilities such as XSS and SQLi.

Question 11. In a credentialed Windows scan, which type of account provides the most comprehensive visibility?
A) Local user with limited rights
B) Domain user with read‑only rights
C) Domain administrator account
D) Guest account
Answer: C
Explanation: A domain administrator can read system files, the registry, and service configuration, enabling the deepest checks. In practice, a dedicated scanning account with local administrator rights on the targets gives the same coverage with far less blast radius if the credential is ever compromised.

Question 12. Which Tenable component aggregates vulnerability data from multiple scanners to provide enterprise‑wide reporting?
A) Tenable Lumin
B) Tenable Core
C) Tenable OT
D) Tenable.io Cloud Platform
Answer: D
Explanation: The Tenable.io Cloud Platform consolidates data from all linked scanners.

Question 13. What does the VPR metric in Tenable.io represent?
A) Vendor Patch Release date
B) Vulnerability Priority Rating
C) Virtual Private Router status
D) Volume of Patch Requests
Answer: B
Explanation: VPR combines the vulnerability's CVSSv3 impact metrics with threat intelligence (exploit code maturity, vulnerability age, threat recency and intensity) to rank remediation. Asset context is not part of VPR; it is supplied separately by the Asset Criticality Rating (ACR).

Question 14. Which of the following is a key component of Tenable Lumin’s risk model?
A) Asset Criticality Rating (ACR)
B) Network Throughput Score (NTS)
C) Scan Frequency Index (SFI)
D) Credential Strength Metric (CSM)

B) To assign licensing to a set of scanners.
C) To combine multiple compliance standards into one file.
D) To create a reusable set of scan settings for different asset groups.
Answer: D
Explanation: Policy Bundles allow administrators to apply the same scan configuration across multiple assets.

Question 18. Which scanning technique is most stealthy and less likely to be detected by intrusion detection systems?
A) Full TCP connect scan
B) SYN (half‑open) scan
C) UDP scan
D) ICMP echo scan
Answer: B
Explanation: A SYN scan sends only the initial SYN and never completes the three-way handshake, so the target application never sees a connection and writes nothing to its own logs. "Stealthy" is relative: network IDS sensors and stateful firewalls routinely flag half-open scans.

Question 19. What is the primary function of Tenable Core within the Tenable ecosystem?
A) Host cloud‑based data analytics.
B) Provide a unified platform for Nessus, Nessus Manager, and Tenable.sc.
C) Replace the need for Nessus Agents.
D) Serve as a firewall for scan traffic.
Answer: B
Explanation: Tenable Core is a hardened, pre-configured operating system image on which Nessus, Nessus Manager, Tenable.sc and other Tenable applications are installed and managed.

Question 20. Which of the following best describes “exploitability” in the context of vulnerability prioritization?
A) The number of CVEs associated with a product.
B) The existence of a publicly available exploit or proof‑of‑concept.
C) The time since the vulnerability was disclosed.
D) The vendor’s response time to patch.
Answer: B
Explanation: Exploitability measures how easily an attacker can weaponize a vulnerability.

Question 21. When configuring a scan in Tenable.io, which option determines the range of ports to be probed?
A) Scan Depth
B) Port Range
C) Protocol Filter
D) Network Segment
Answer: B
Explanation: The Port Range setting tells the scanner which TCP/UDP ports to include.

Question 22. Which of the following is a common cause of credentialed scan failures on Linux hosts?
A) Disabled SNMP service
B) SELinux enforcing mode blocking the Nessus daemon
C) Closed port 443
D) Outdated OpenSSL library
Answer: B
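Question 21 describes the Port Range setting. As an added example (not code from the exam or from Tenable), here is a Python parser for the comma-separated port-range syntax a scan policy accepts, such as "1-1024,3389,8000-8100". The T:/U: protocol prefixes and the all keyword follow the Nessus port-range conventions as I understand them and are assumptions here; other Nessus keywords such as default are deliberately not handled.

```python
"""Parse the port-range string a scan policy accepts into concrete TCP and UDP port sets."""
from dataclasses import dataclass, field

MAX_PORT = 65535
PRIVILEGED_MAX = 1023   # ports 1-1023 need root/admin to bind on most systems


@dataclass
class PortSpec:
    tcp: set = field(default_factory=set)
    udp: set = field(default_factory=set)


def _expand(token):
    """Expand '22', '1-1024' or 'all' into a set of port numbers, rejecting anything out of range."""
    token = token.strip().lower()
    if token == "all":
        return set(range(1, MAX_PORT + 1))
    if "-" in token:
        lo_text, hi_text = token.split("-", 1)
        lo, hi = int(lo_text), int(hi_text)
    else:
        lo = hi = int(token)
    if not 1 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"invalid port range: {token!r}")
    return set(range(lo, hi + 1))


def parse_port_range(spec):
    """Parse e.g. 'T:1-1024,U:53,161,8000-8100'. Assumed convention: a 'T:' or 'U:' prefix limits
    a token to TCP or UDP; an unprefixed token applies to both protocols."""
    result = PortSpec()
    for raw in spec.split(","):
        raw = raw.strip()
        if not raw:
            continue
        proto = None
        if raw[:2].upper() in ("T:", "U:"):
            proto, raw = raw[0].upper(), raw[2:]
        ports = _expand(raw)
        if proto in (None, "T"):
            result.tcp |= ports
        if proto in (None, "U"):
            result.udp |= ports
    return result


def only_privileged(spec):
    """True when every port in the spec is a privileged port (1-1023); note that 1024 is not one."""
    return all(p <= PRIVILEGED_MAX for p in spec.tcp | spec.udp)


if __name__ == "__main__":
    s = parse_port_range("T:1-1024,U:53,161,8000-8100")
    print(len(s.tcp), "TCP ports,", len(s.udp), "UDP ports, privileged only:", only_privileged(s))
```

Validation matters here because a malformed range silently widens or narrows what the scanner probes; failing loudly on "1024-1" or "70000" is preferable to a scan that quietly covers nothing.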
D) Frequency of previous vulnerabilities.
Answer: B
Explanation: ACR incorporates business impact factors to assess how critical an asset is to the organization.

Question 26. Which of the following is NOT a supported authentication method for Nessus credentialed scans?
A) SSH key‑based authentication
B) Windows Integrated Authentication (Kerberos)
C) OAuth 2.0 token
D) SMB share credentials
Answer: C
Explanation: Nessus does not use OAuth for host authentication; it relies on SSH, SMB, and Windows authentication.

Question 27. When scanning cloud workloads via Tenable.io connectors, which API permission is essential for AWS EC2 discovery?
A) s3:ListBucket
B) ec2:DescribeInstances
C) iam:CreateUser
D) lambda:InvokeFunction
Answer: B
Explanation: ec2:DescribeInstances returns the instance metadata (IDs, AMIs, addresses, tags) needed to build the asset inventory. Discovery needs read-only Describe permissions; a write permission such as iam:CreateUser should never be granted to a connector role.

Question 28. Which of the following statements about Tenable Lumin’s “Cyber Exposure” metric is true?
A) It only considers CVSS scores.
B) It aggregates VPR, ACR, and exploitability into a single exposure value.
C) It is calculated solely on the number of open ports.
D) It ignores asset criticality.
Answer: B
Explanation: Cyber Exposure combines vulnerability priority, asset importance, and exploitability.

Question 29. In Tenable.io, what is the effect of enabling “Fast Network Scan” on a large subnet?
A) Reduces the number of ports scanned per host.
B) Increases the timeout for each probe.
C) Switches from TCP SYN to UDP scans.
D) Enables parallel scanning across multiple scanners.
Answer: D
Explanation: Fast Network Scan distributes workload across available scanners to speed up large‑scale assessments.

Question 30. Which of the following is a primary reason to use a “Non‑Credentialed Scan” on a production environment?
A) To obtain detailed patch version information.
B) To avoid impacting host performance.
C) To enumerate local user accounts.
D) To bypass firewall restrictions.
Answer: B
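Questions 13 and 28 describe how VPR (per weakness) and ACR (per asset) combine into an exposure view. The following Python is an added example, not Tenable's code: it ranks assets from a list of findings shaped like a Tenable.io vulnerability export and groups open findings by a Remediation Owner for hand-off to ticketing. The sample findings, the ACR values and owners, and the scoring formula (ACR x max VPR x 10, giving a 0-1000 scale) are constructed for illustration; Tenable's own Asset Exposure Score uses a proprietary weighting.

```python
"""Rank assets by exposure: VPR scores the weakness, ACR scores the asset that carries it."""
from collections import defaultdict

# Constructed sample findings, shaped like records from a Tenable.io vulnerability export
# (asset, plugin.vpr.score, plugin.vpr.drivers, severity, state). All values are invented.
FINDINGS = [
    {"asset": {"uuid": "a1", "hostname": "db01"}, "state": "OPEN", "severity": "critical",
     "plugin": {"id": 1001, "name": "OpenSSL RCE",
                "vpr": {"score": 9.4, "drivers": {"exploit_code_maturity": "FUNCTIONAL"}}}},
    {"asset": {"uuid": "a1", "hostname": "db01"}, "state": "OPEN", "severity": "low",
     "plugin": {"id": 1002, "name": "SSH weak MAC algorithms",
                "vpr": {"score": 3.1, "drivers": {"exploit_code_maturity": "UNPROVEN"}}}},
    {"asset": {"uuid": "a2", "hostname": "kiosk07"}, "state": "OPEN", "severity": "high",
     "plugin": {"id": 1003, "name": "SMBv1 enabled",
                "vpr": {"score": 9.6, "drivers": {"exploit_code_maturity": "HIGH"}}}},
    {"asset": {"uuid": "a3", "hostname": "web02"}, "state": "FIXED", "severity": "critical",
     "plugin": {"id": 1001, "name": "OpenSSL RCE",
                "vpr": {"score": 9.4, "drivers": {"exploit_code_maturity": "FUNCTIONAL"}}}},
    {"asset": {"uuid": "a3", "hostname": "web02"}, "state": "OPEN", "severity": "medium",
     "plugin": {"id": 1004, "name": "TLS 1.0 enabled",
                "vpr": {"score": 4.2, "drivers": {"exploit_code_maturity": "UNPROVEN"}}}},
]

# Constructed per-asset context: ACR (1-10) as Lumin would hold it, plus a Remediation Owner tag.
ASSETS = {
    "a1": {"acr": 9, "owner": "dba-team"},
    "a2": {"acr": 2, "owner": "facilities-it"},
    "a3": {"acr": 7, "owner": "web-platform"},
}

EXPLOIT_MATURITY_WITH_CODE = {"PROOF_OF_CONCEPT", "FUNCTIONAL", "HIGH"}
DEFAULT_ACR = 5  # assumption: an unrated asset gets a middle criticality rather than being skipped


def asset_exposure(findings, assets):
    """Summarise OPEN findings per asset. Illustrative score = ACR * max VPR * 10 (0-1000);
    this is not Tenable's proprietary Asset Exposure Score formula."""
    per_asset = {}
    for f in findings:
        if f["state"] != "OPEN":          # fixed findings add no exposure
            continue
        uuid = f["asset"]["uuid"]
        vpr = f["plugin"]["vpr"]["score"]
        maturity = f["plugin"]["vpr"].get("drivers", {}).get("exploit_code_maturity", "UNPROVEN")
        rec = per_asset.setdefault(uuid, {"hostname": f["asset"]["hostname"], "max_vpr": 0.0,
                                          "worst_plugin": None, "exploitable": False, "open_findings": 0})
        rec["open_findings"] += 1
        if maturity in EXPLOIT_MATURITY_WITH_CODE:
            rec["exploitable"] = True      # a public exploit or PoC exists (Questions 20 and 52)
        if vpr > rec["max_vpr"]:
            rec["max_vpr"], rec["worst_plugin"] = vpr, f["plugin"]["name"]
    for uuid, rec in per_asset.items():
        rec["acr"] = assets.get(uuid, {}).get("acr", DEFAULT_ACR)
        rec["score"] = round(rec["acr"] * rec["max_vpr"] * 10)
    return per_asset


def top_vulnerable_assets(findings, assets, n=5):
    """The 'Top Vulnerable Assets' view: highest exposure first, exploitable breaks ties."""
    exposure = asset_exposure(findings, assets)
    ranked = sorted(exposure.items(),
                    key=lambda kv: (-kv[1]["score"], not kv[1]["exploitable"], kv[1]["hostname"]))
    return ranked[:n]


def tickets_by_owner(findings, assets):
    """Group open findings by Remediation Owner, worst VPR first, ready for a ticketing integration."""
    queue = defaultdict(list)
    for f in findings:
        if f["state"] != "OPEN":
            continue
        owner = assets.get(f["asset"]["uuid"], {}).get("owner", "unassigned")
        queue[owner].append((f["asset"]["hostname"], f["plugin"]["name"], f["plugin"]["vpr"]["score"]))
    for items in queue.values():
        items.sort(key=lambda t: -t[2])
    return dict(queue)


if __name__ == "__main__":
    for uuid, rec in top_vulnerable_assets(FINDINGS, ASSETS):
        print(f"{rec['hostname']:8} exposure={rec['score']:4} acr={rec['acr']} "
              f"max_vpr={rec['max_vpr']} exploitable={rec['exploitable']} worst={rec['worst_plugin']}")
    for owner, items in tickets_by_owner(FINDINGS, ASSETS).items():
        print(owner, items)
```

With this data kiosk07 carries the highest VPR (9.6) yet ranks last, because its ACR is 2, while db01 leads on the combination of a high VPR and a high ACR; that asset-context step is exactly what VPR on its own does not provide. web02's critical finding is excluded because its state is FIXED.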
Answer: B
Explanation: Scanner Groups allow a policy to be executed across several scanners, distributing the workload.

Question 34. Which Tenable product provides a dedicated interface for scanning and managing IoT/OT devices?
A) Tenable.ot
B) Tenable.io
C) Tenable.sc
D) Nessus Professional
Answer: A
Explanation: Tenable.ot is built for operational technology asset discovery and vulnerability assessment.

Question 35. When performing a web application scan, which vulnerability type is NOT typically detected by the default WAS plugin set?
A) Cross‑Site Scripting (XSS)
B) SQL Injection
C) Server‑Side Request Forgery (SSRF)
D) Buffer Overflow in binary executables
Answer: D
Explanation: WAS focuses on web‑application logic flaws, not low‑level binary vulnerabilities.

Question 36. Which of the following is a recommended practice for reducing false positives in credentialed scans?
A) Increase the scan timeout value.
B) Disable all plugin families.
C) Ensure accurate and up‑to‑date credentials are used.
D) Run scans only on weekends.
Answer: C
Explanation: Correct credentials allow the scanner to verify findings against the actual system state, lowering false positives.

Question 37. In Tenable.io, what does the “Asset Inventory” feature primarily provide?
A) Real‑time network traffic capture.
B) A dynamic list of discovered assets with metadata.
C) Automated patch deployment.
D) License usage statistics.
Answer: B
Explanation: Asset Inventory maintains an up‑to‑date catalog of devices, their attributes, and relationships.

Question 38. Which of the following best describes a “Compliance Scan” in Tenable products?
A) A scan that only checks for open ports.
B) A scan that validates system configurations against a benchmark.
C) A scan that attempts to exploit vulnerabilities.
D) A scan that runs exclusively on cloud assets.
Answer: B
Explanation: Compliance scans compare system settings to standards such as CIS Benchmarks or DISA STIGs.

Explanation: Threat Intelligence feeds provide real‑time exploit data that influence VPR calculations.

Question 42. In a Tenable.io scan policy, what does the “Performance” setting control?
A) Number of concurrent hosts scanned.
B) Frequency of credential rotation.
C) Depth of plugin execution.
D) Size of exported report files.
Answer: A
Explanation: Performance options adjust parallelism to balance speed against network load.

Question 43. Which of the following is a primary reason to use “ARP Scan” on a local Ethernet segment?
A) To discover hosts across multiple subnets.
B) To bypass firewall rules that block ICMP.
C) To enumerate IPv6 devices.
D) To identify open TCP ports.
Answer: B
Explanation: ARP requests operate at layer 2 and are answered by every host in the same broadcast domain regardless of host or network firewall rules for ICMP, making them reliable for local discovery. They do not cross routers, so ARP discovery is limited to the scanner's own segment.

Question 44. What does the “License Utilization” report in Tenable.io indicate?
A) Number of scans run per day.
B) Percentage of licensed asset capacity in use.
C) Total number of discovered assets.
D) Average time to remediate vulnerabilities.
Answer: B
Explanation: Tenable.io is licensed per asset, so License Utilization tracks how many assets currently count against the license versus the number purchased.

Question 45. Which of the following is a correct statement about Tenable.ot’s “Passive Monitoring” mode?
A) It actively logs into OT devices to retrieve firmware versions.
B) It captures network traffic without installing agents.
C) It disables all scanning to avoid disruption.
D) It requires a VPN tunnel to each PLC.
Answer: B
Explanation: Passive Monitoring listens to OT communications, providing visibility without direct device interaction.

Question 46. When integrating Tenable.io with a ticketing system, which field is most commonly mapped to the “Assignee” in the ticket?
A) Asset Tag Owner
B) Vulnerability ID
C) Scan Policy Owner
D) Remediation Owner attribute
Answer: D
Explanation: The Remediation Owner attribute designates the team responsible for fixing a finding.

Question 47. Which of the following best explains why “Network Segmentation” can improve vulnerability management outcomes?
A) It reduces the number of assets to scan.

Question 50. Which Tenable product is primarily used for on‑premises, high‑volume scanning in large enterprises?
A) Tenable.io
B) Tenable.sc (formerly SecurityCenter)
C) Tenable.ot
D) Tenable Lumin
Answer: B
Explanation: Tenable.sc provides on‑premises management of multiple scanners for enterprise‑scale deployments.

Question 51. What is the purpose of the “Scan Credential” profile in Tenable.io?
A) To store API keys for cloud connectors.
B) To define a set of login credentials used during scans.
C) To encrypt scan results at rest.
D) To schedule scans during off‑peak hours.
Answer: B
Explanation: Credential profiles contain the usernames, passwords, or keys the scanner uses for authenticated checks.

Question 52. Which of the following best describes the “Exploitability” component of Tenable’s risk model?
A) The CVSS base score multiplied by asset age.
B) A binary indicator of whether a public exploit exists.
C) The number of CVEs associated with a product.
D) The time since the vulnerability was disclosed.
Answer: B
Explanation: Exploitability reflects the presence of a known exploit, influencing the urgency of remediation.

Question 53. In Tenable.io, which dashboard widget would you use to quickly identify the top 5 most vulnerable assets?
A) Asset Heat Map
B) Top Vulnerable Assets Table
C) Risk Distribution Pie Chart
D) Scan Frequency Histogram
Answer: B
Explanation: The Top Vulnerable Assets Table lists assets ranked by total findings or exposure.

Question 54. Which of the following actions can be automated via the Tenable.io API?
A) Deploying new physical scanners.
B) Generating a PDF compliance report.
C) Changing the operating system on a host.
D) Updating firewall rules.
Answer: B
Explanation: The API includes endpoints to request report generation in various formats.

Question 55. What does the “Port Range” value of “1-1024” typically indicate in a scan policy?
A) Only privileged ports will be scanned.
B) All ports will be scanned.
C) Scanning is limited to the first 1024 well‑known ports.
D) Scanning will be performed on UDP only.
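Question 54 notes that report and data generation can be driven through the Tenable.io API. As an added example (not Tenable's code and not the pyTenable library), the Python below drives the asynchronous vulnerability export end to end: request the export, poll its status, then fetch each chunk. The endpoint paths (/vulns/export, /vulns/export/{uuid}/status, /vulns/export/{uuid}/chunks/{id}) and the X-ApiKeys header follow Tenable's public API documentation as I know it; the FakeTenable transport and every response it returns are constructed so the workflow runs offline, and requests_transport shows how a live client plugs in.

```python
"""Drive the asynchronous Tenable.io vulnerability export: request, poll status, fetch chunks.
The HTTP transport is injected so the workflow can be exercised offline with a constructed fake."""
import time

BASE_URL = "https://cloud.tenable.com"
TERMINAL_FAILURES = {"ERROR", "CANCELLED"}


def api_headers(access_key, secret_key):
    """Tenable.io API calls authenticate with the X-ApiKeys header, not a session cookie."""
    return {"X-ApiKeys": f"accessKey={access_key};secretKey={secret_key}",
            "Accept": "application/json", "Content-Type": "application/json"}


def export_vulns(transport, headers, filters=None, num_assets=500, poll_interval=0.0, max_polls=60):
    """transport(method, url, headers, json_body) -> (status_code, parsed_json).
    Returns the concatenated finding records from every chunk of a finished export."""
    body = {"num_assets": num_assets}
    if filters:
        body["filters"] = filters              # e.g. {"severity": ["critical", "high"]}
    status, resp = transport("POST", f"{BASE_URL}/vulns/export", headers, body)
    if status != 200:
        raise RuntimeError(f"export request failed: HTTP {status} {resp}")
    export_uuid = resp["export_uuid"]

    for _ in range(max_polls):                 # poll until the service reports FINISHED
        status, state = transport("GET", f"{BASE_URL}/vulns/export/{export_uuid}/status", headers, None)
        if status != 200:
            raise RuntimeError(f"status check failed: HTTP {status}")
        if state["status"] == "FINISHED":
            break
        if state["status"] in TERMINAL_FAILURES:
            raise RuntimeError(f"export {export_uuid} ended in state {state['status']}")
        time.sleep(poll_interval)
    else:
        raise TimeoutError(f"export {export_uuid} did not finish after {max_polls} polls")

    findings = []
    for chunk_id in state["chunks_available"]:
        status, chunk = transport("GET", f"{BASE_URL}/vulns/export/{export_uuid}/chunks/{chunk_id}",
                                  headers, None)
        if status != 200:
            raise RuntimeError(f"chunk {chunk_id} failed: HTTP {status}")
        findings.extend(chunk)
    return findings


def requests_transport(method, url, headers, body):
    """Live transport built on the requests library; imported lazily so the fake below runs offline."""
    import requests
    r = requests.request(method, url, headers=headers, json=body, timeout=60)
    return r.status_code, (r.json() if r.content else None)


class FakeTenable:
    """Constructed stand-in for the service: QUEUED on the first poll, then FINISHED with two chunks."""
    def __init__(self):
        self.polls = 0
        self.calls = []

    def __call__(self, method, url, headers, body):
        path = url[len(BASE_URL):]
        self.calls.append((method, path, body))
        if "X-ApiKeys" not in headers:
            return 401, {"error": "API keys missing"}
        if method == "POST" and path == "/vulns/export":
            return 200, {"export_uuid": "exp-1"}
        if path == "/vulns/export/exp-1/status":
            self.polls += 1
            if self.polls == 1:
                return 200, {"status": "QUEUED", "chunks_available": []}
            return 200, {"status": "FINISHED", "chunks_available": [1, 2]}
        if path == "/vulns/export/exp-1/chunks/1":
            return 200, [{"asset": {"uuid": "a1"}, "severity": "critical", "plugin": {"id": 1001}}]
        if path == "/vulns/export/exp-1/chunks/2":
            return 200, [{"asset": {"uuid": "a2"}, "severity": "high", "plugin": {"id": 1003}}]
        return 404, None


def demo():
    """Run the export workflow against the fake and return (findings, fake) for inspection."""
    fake = FakeTenable()
    findings = export_vulns(fake, api_headers("ACCESS", "SECRET"),
                            filters={"severity": ["critical", "high"]}, num_assets=50)
    return findings, fake


if __name__ == "__main__":
    found, svc = demo()
    print(f"{len(found)} findings after {svc.polls} status polls")
    # Live use: export_vulns(requests_transport, api_headers(<access key>, <secret key>), filters=...)
```

Two points a practitioner should carry over to a real integration: the export is asynchronous, so a client that does not poll and handle ERROR/CANCELLED will either miss data or hang, and the API keys belong in a secrets store or environment variable, never in the script, since they carry the full rights of the user who generated them.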