Secureworks VDR Analyst Final
Taegis VDR simulates various attack paths throughout the scanned environment. Through this analysis, a specific host is consistently found to be part of multiple attack paths. Which factor will have its scoring modified based on these results? (A) Asset Context (B) External Context (C) Network Context (D) Vulnerability Properties
- (C) Network Context
What is a Remediation Plan within the Taegis VDR environment? (A) A collection of vulnerabilities used to track how many vulnerabilities have been resolved and their overall health score impact if they are completed. (B) An executive report generated by Taegis VDR that can be shared with leadership to describe what steps will be taken to resolve existing vulnerabilities within the environment. (C) A report that determines what actions are common across various assets to show the relationship of how one action will affect one or more servers or websites. (D) An assignment of vulnerabilities to a team in which deadlines and target dates for remediation may be set and managed within the Taegis VDR environment.
(A) A collection of vulnerabilities used to track how many vulnerabilities have been resolved and their overall health score.
A VDR Analyst wants to report to a client the factor(s) that most influence a vulnerability's CPS score, and the impact of factors from each Factor Category when compared to its CVSS score. Where should the VDR Analyst go to view these datasets together? (A) The Vulnerability Prioritization graph in the Scoring section of a select vulnerability from the Vulnerabilities tab (B) The Vulnerability Variation panel of the Dashboard tab (C) The Vulnerability Scoring graph in the Details section of the selected vulnerability from the Vulnerabilities tab (D) The Vulnerability Prioritization graph in the VDR AI section of the Dashboard tab
(A) The Vulnerability Prioritization graph in the Scoring section of the select vulnerability from the Vulnerabilities tab
A VDR Analyst has been asked to create an asset report that meets the following criteria: · Server running either Redhat Enterprise Linux or Debian · MySQL DB server version 7 or higher on the standard port 3306/tcp · Only in the 172.16.32.0/19 subnet · No vulnerabilities with a CPS score greater than 7 · SSH service running on the server Which query will generate the requested asset report? (A) software:MySQL>=7 port:3306/tcp=open ip:172.16.32.0/19 (os:RHEL OR Debian) -score:7 service:ssh (B) software:MySQL=>7 port:3306/tcp=open ip:172.16.32.0/19 (os:RHEL || Debian) vulnerability:score <7 service:ssh (C) software:MySQL>=7 port:3306/tcp=open ip:172.16.32.0/19 os:RHEL os:Debian -score:7 service:ssh (D) software:MySQL>=7 port:3306/tcp=open ip:172.16.32.0/19 os:(RHEL OR Debian) vulnerability:score <7 service:ssh
(A) software:MySQL>=7 port:3306/tcp=open ip:172.16.32.0/19 (os:RHEL OR Debian) -score:7 service:ssh
When reviewing the vulnerabilities found in a recent scan, a specific vulnerability has a CPS value that has increased above the original CVSS value. What three locations can a VDR Analyst visit to understand how this value has been adjusted? (Choose three.) (A) Look at the VDR AI portion of the dashboard and find the vulnerability in question. (B) Search for the vulnerability in the Vulnerabilities section and view the Scoring tab. (C) Click the Information button on the vulnerability within the remediation plan it is assigned. (D) Click the Information button on the vulnerability within the website on which the issue is found. (E) Search for the vulnerability within the Contextual Vulnerability Prioritization Distribution dashboard menu.
(B) Search for the vulnerability in the Vulnerabilities section and view the Scoring tab. (C) Click the information button on the vulnerability within the remediation plan it is assigned. (D) Click the information button on the vulnerability within the website on which the issue is found.
VDR recommends disabling TRACE and TRACK methods for a HTTP debugging vulnerability. Where did VDR recommend this? (A) On the website that had the vulnerability (B) In the Scoring section for the vulnerability (C) In the Remedy section of the vulnerability details (D) In the Info section for the vulnerability
(C) In the Remedy section of the vulnerability details
A company has an SLA in place to resolve any critical vulnerabilities within 30 days of detection. Remediation for critical vulnerabilities tied to a specific product are consistently completed within 14 days. Which factor would have its scoring influenced due to this behavior? (A) Asset Context (B) External Context (C) Organization Context (D) Vulnerability Properties
(C) Organization Context
Which two types of Assets can be found with a Manual Discovery Scan? (Choose two.) (A) Endpoints (B) Servers (C) Websites (D) IP Addresses (E) Network Appliances
(C) Websites (D) IP Addresses
What is required for a VDR Analyst to define when scheduling a scan of internal assets? (A) External IP range (B) A specific kill time (C) Exclusions (D) An Edge Service
(D) Edge Service
A VDR Analyst needs to find the list of scans conducted against a specific server, as well as whether those scans completed or failed. Which tab on the server asset should the VDR Analyst review? (A) Server (B) Vulnerabilities (C) Schedule (D) History
(D) History
A VDR Analyst is asked if there are any restrictions for what can be placed in the fields when editing the Contact Information or Description fields of a server. The concern is that some special characters may not be allowed to prevent certain web attacks. How should the VDR Analyst respond to this concern? (A) Special characters are not allowed within those two fields to prevent all web-based attacks, such as SQL Injection or Cross-Site Scripting. Only alphanumeric input is allowed. (B) Special characters are allowed within those two fields, with the exception of the single quote character to prevent escaping the input being read by the application. (C) Special characters are allowed within those two fields. The search string must be enclosed with double quotes when searching for these characters. (D) Special characters are allowed. Extended ASCII values, such as à É ï ô ü, are not allowed because the platform does not support extended ASCII.
(D) Special characters are allowed. extended ASCII values, such as à É ï ô ü, are not allowed because the platform does not support extended ASCII.
A new vulnerability is discovered that can allow remote code execution to leverage a weakness in the Server Message Block (SMB) Protocol on port 445. Initial reports show that only Windows Server 2008 appears to be affected. This could be exploited internally, but first the VDR Analyst needs to gather a list of internet-facing hosts on which this port has been detected as being open via an external scan. Which search string should be used to find these hosts? (A) edge:"None (Internet)" port:445=open os:"Windows 2008" (B) edge:Internet port:SMB=open os:"Windows Server 2008" (C) edge:"None (Internet)" port:SMB=open os:"Windows Server 2008" (D) edge:Internet port:445=open os:"Windows 2008"
(D) edge:Internet port:445=open os:"Windows 2008"
While trying to generate a report for host IP 10.10.10.200, a VDR Analyst discovers it is not listed as an asset within their view. What is the most likely reason for this issue? (A) Generated reports count has been exceeded. (B) Team Selector filter must be set to All Teams. (C) IP 10.10.10.200 is an invalid IP Address. (D) IP 10.10.10.200 has been hidden from VDR.
- Failure to validate: The website is not reponding, The hostname cannot be resolved, The Edge Service through which the asset is to be reached is not connected. - Automatic Asset Removal: Scheduled assets that haven't been seen for a certain period of time can be automatically removed after predefined delay. The default is 180 days. - Website View Filters: Assets must match both filters to be displayed. (B) Team Selector filter must be set to All Teams
A VDR Analyst wants to track a few specific servers that are being managed by outside consultants. In which two ways can the VDR Analyst accomplish this in VDR? (Choose two.) (A) Set these servers up on their own scan schedule. (B) Edit these servers and add an additional tag. (C) Set up a search for "Outside Consultants". (D) Create a remediation plan for the servers the consultants manage. (E) Add the servers to a team created for the consultants.
- Local and Internet servers are assigned and defined by a unique IP and are tracked through advanced fingerprinting as the IP could change over time. The IP address points to a specific computer, whether physical hardware or virtual. - Create Edge Service (E) Add the servers to a team created for the consultants
A change made to a Windows Domain Controller must be rescanned immediately per company security policy. In which two ways can a VDR Analyst initiate an ad hoc scan on a single asset? (Choose two.) (A) On the Auto Discovery tab, select New Scan, enter the asset's IP address, and select Start Scan. (B) On the Servers tab, select the asset, and select Scan Now in the Servers section. (C) On the Servers tab, select the asset, find the most recent scan in the History section, and select Rescan Now. (D) On the Auto Discovery tab, select the asset, and select Scan Now in the right properties pane.
- Manual Scans - Auto Discovery Automatic Scheduling/ Discover scheduling - Bulk Scheduling (B) On the Servers tab, select the asset, and select Scan Now in the Servers section (D) On the Auto Discovery tab, select asset, and select Scan Now in the right properties pane.
A new attack affects many industries and makes news globally. VDR takes this into account in scoring. Which factor category applies in this situation? (A) Vulnerability Properties (B) Asset Context (C) Organization Context (D) External Context
- Scoring Pane/ Viewing Remediation Plans - Vulnerability Properties - VDR Prioritization: (Vulnerability: Base Score) or (Asset: Exposure) (D) External Context
Scans are failing on multiple assets and several attempts are made with no change. The presence, power status, and connectivity of the affected assets have been verified, as well as the status of the Edge Servers being used. The decision has been made to seek vendor support. What are the next steps the VDR Analyst should take? (A) 1. Under the Auto Discovery tab, select one of the assets from the failed scan job. 2. Select the Scan Details button in the right details pane 3. Select the Export button and choose the .csv file format. 4. Send the newly created .csv file to Taegis support. (B) 1. Under the Servers tab, select one of the assets from the failed scan job. 2. Under the History tab, choose the Failed radio button and select Export Scan Logs to export the logs to an xml file. 3. Send the newly created xml file to Taegis support. (C) 1. Under the Auto Discovery tab, select the range that includes the affected assets. 2. In the Properties pane, select the latest scan under the Activities Log tab. 3. Select the Scan Log button to the right. 4. Send the Scan ID number to Taegis support. (D) 1. Under the Servers tab, select one of the affected assets. 2. Under the History tab, select the Failed radio button and choose the most recent failed scan. 3. Select the Scan Log button and copy the Scan ID number to send to Taegis support. 4. Repeat this process for each affected asset.
- Select how many retries VDR will perform - Build a remediation plan (D)
A VDR Analyst is given a web URL of www.companyname.com to scan. The scan consistently returns with nothing found. According to the web developer, there is no redirect in place to get to the true home page of www.companyname.com/welcome.What should the analyst do to make sure the scan completes successfully? (A) Increase the number of retries for the scan so it will not timeout. (B) Go to the Fuzzed URLs section of the website and add the Welcome page. (C) Create a tag named No_Redirect and apply it to the website. (D) Set an alternate starting URL for the website.
- Verify the range is not to large (D) Set an alternate starting URL for the website
A new CVE is published, and an organization is concerned about the effect. Management makes it a top priority to address vulnerability first. Remediation time depends on how many assets are affected. Which task should a VDR Analyst perform first in VDR? (A) Review the dashboard pane to look for the impact. (B) Import affected assets into VDR. (C) Search for the new CVE to find affected assets. (D) Create a remediation plan proactively.
- Vulnerability Risk Detection 1. Vulnerability: Base Score 2. Asset: Exposure 3. Network: Network Attack Surface 4. Organization: Behavioral Analytics 5. External: Public Exploit Availability - Create connector for remediation plan - Create Public API - Create Remediation Plan. Find out more about new CVE and find out how many assets were affected. (C) Search for the new CVE to fine affected assets
An organization decides on a new naming convention for their servers. As a result, the VDR Analyst needs to see all the servers whose hostname starts with the same three letters: ARC. How can the VDR Analyst accomplish this? (A) On the Servers tab, enter hostname:arc into the Search combo box. (B) On the Server tab, enter arc in the Search combo box. (C) On the Server tab, pull down the Search combo box and enter ARC in the Hostname field. (D) On the Server tab, select the Hostname header of the server list view. Select filter, then enter ARC*
Bulk asset import (B) On the Server tab, enter arc in the Search combo box
A VDR Analyst needs to perform a search for new vulnerabilities. This search needs to include CVE-2016-10010 that appeared on hosts tagged as located in the Tallahassee office. What is the appropriate search query? (A) cve:CVE-2016-10010 tag:Tallahassee (B) cve: CVE-2016-10010 is: new tag: Tallahassee (C) cve:CVE-2016-10010 is:new tag:Tallahassee (D) cve=CVE-2016-10010 is=new -tag=Tallahassee
CVE-2016-10010 -tag:"Tallahassee Office" CVE-2016-10010 "Tallahassee" (A) cve:CVE-2016-10010 tag:Tallahassee
A VDR Analyst needs to attach a Note to all vulnerabilities that affect the Sacramento office. What is the most efficient way for the analyst to complete this task? (A) *. Search for all vulnerabilities with the Tag "Sacramento".*. Select all vulnerabilities that come back.*. Click the Edit Note button and type the content of the Note. (B) *. Search for all Servers with the Tag "Sacramento".*. Select all servers that come back.*. Click the Edit Note button and type the content of the Note.*. Repeat steps for Websites. (C) *. Search for all vulnerabilities with the Tag "Sacramento".*. Select the first vulnerability that comes back.*. Click the New Note button and type the content of the Note.*. Repeat steps for each vulnerability returned. (D) *. Go to Settings/Tags and select the Tag "Sacramento".*. Attach the Note to the Tag.
Create a tag for all vulnerabilities that affected the Sacramento office. Sort the assets by address: name (websites) and/or IP (servers) (A) Search for all vulnerabilities with the Tag "Sacramento" Select all vulnerabilities that come back. Click the Edit Note button and type the content of the Note
A VDR Analyst is listed as a member of the "Server Admins" and the "Workstation Admins" team. The analyst is asked to generate a report for all of the hosts that their teams are responsible for that have a specific version of Java installed. How should the VDR Analyst make sure that all assets from both teams appear in the report? (A) Select All Teams on the Team Selector and then run the report. (B) Run a separate report for each team and then combine the two reports. (C) Select All Your Teams on the Team Selector and then run the report. (D) Include is: "Server Admins" is: "Workstation Admins" in the query when creating the report.
Creating an Asset Report. The assets displayed are for the specific team selected through the Team selector in the upper-right corner. To view the assets for all the teams to which you have access, choose All Teams from the Team selector. (A) Select All Teams on the Team Selector and then run the report.
A VDR Analyst needs to view the Health Score compared to other organizations. Which panel option in the dashboard should the analyst utilize? A. Delta Only B. Industry Average C. Stacked Severities D. Normalized
D. Normalized
Management needs a report of all websites that use an instance of Apache HTTP/Web Server that is not the latest version (2.4.46). How should the VDR Analyst write the query? A. software:Apache HTTP/Web Server<2.4.46 B. software:"Apache HTTP/Web Server"=<2.4.46 C. software:Apache HTTP/Web Server=<2.4.46 D. software:"Apache HTTP/Web Server"<2.4.46
D. software:"Apache HTTP/Web Server"<2.4.46
A VDR Analyst needs to generate an asset report for management. The report needs to contain only websites in the Montreal office. The Montreal assets have been assigned a 'Montreal' tag. Management requests the ability to hide certain fields if needed. How should the VDR Analyst generate this report? (A) On the Servers tab, check the box for all, click Share, and generate a PDF report for Assets. (B) On the Websites tab, check the box for all, click Share, and generate a PDF report for Assets. (C) On the Websites tab, search for Montreal, and select check box for all results. Click Share and generate a CSV report for Assets. (D) On the Servers tab, search for Montreal, and select the check box for all results. Click Share and generate a CSV report for Assets.
Go to the Servers or Website view and use a selection of filers and/or a basic or Advanced search queries to filter the displayed vulnerabilities. Use the vulnerability filters to search Tags. (C) On the Websites tab, search for Montreal, and select check box for all results. Click share and generate a CSV report for Assets.
A VDR Analyst needs to determine which factor category is contributing the most to CPS scores of 7.0 or higher. Which steps should the analyst take to find this information within the VDR AI portion of the dashboard? (A) Select the 7 through 10 sections on the left, then review each factor category and report on the one with the highest delta value. (B) Select the 7 through 10 sections on the right, then review each factor category and report on the one with the highest delta value. (C) Select the 7 through 10 sections on the right, then review each factor category and report on the one with the highest average value. (D) Select the 7 through 10 sections on the left, then review each factor category and report on the one with the highest average value.
Health Score Panel (B) Select 7 through 10 sections on the right, then review each factor category and report on the one with the highest delta value.
A VDR Analyst must demonstrate the overall trend of vulnerabilities being remediated versus those being added to remediation plans. Which dashboard component can help show this? (A) Context Vulnerability Prioritization Distribution (B) Assets (D) Remediation Time (D) Vulnerability Variation
Health Score Panel (C) Remediation Time
The Normalized Health Score for an organization drops by 10% as seen on the Dashboard tab. Which two views from the Dashboard tab can be used to investigate the reason for this change? (Choose two.) (A) Vulnerability Variation Panel (B) Deselect the Normalize option for the Health Score Panel (C) Contextual Vulnerability Prioritization Distribution Panel (D) Remediation Time Panel (E) Assets Panel
Health Score View Vulnerability Variation (A) Vulnerability Variation Panel (B) Deselect the Normalize option for the Health Score Panel
To help speed up the process of importing a list of assets to be scanned, a VDR Analyst decides to use a CSV import of assets into Taegis VDR. How should the VDR Analyst format the CSV for input? (A) Create a CSV with three columns with headers of Hostname, IP_Address, Website. (B) Create a CSV with one column with no headers. (C) Create a CSV with two columns with headers of Asset and Edge_Service. (D) Create a CSV with three columns with headers of Asset, Edge_Service, and Tags.
In the given menu, drag and drop a CSV file containing a list of assets (IPs, hostnames or websites) to be imported in bulk. The CSV file should be UTF-8 encoded and RFC-4180 formatted in a single column (additional columns will be ignored) containing a list of IPs, Hostnames or Websites, each on their own line. (B) Create a CSV with one column with no headers
A VDR Analyst receives confirmation from a web administrator that a vulnerability is applicable to a server within the report. The web administrator then details the compensating controls that are in place to mitigate exposure. What should the analyst do with the vulnerability in VDR? (A) Mark it as fixed (B) Mark it as a false positive (C) Update the severity to a lower level (D) Snooze the vulnerability
In the vulnerability pane under actions you can update the severity, mark as false positive, mark as verified, snooze, view more details. (C) Update the severity to a lower level
When adding a new range under Auto Discovery, which option for Auto Discovery Schedule can be selected?
None, Monthly, Weekly, Daily
Which function allows a VDR Analyst to group vulnerabilities together? (A) Connectors (B) Remediation Plans (C) Actions (D) Vulnerability Variation
Scoring Pane/ Remediation Plan Tags (B) Remediation Plans
Why would a VDR Analyst mark a vulnerability as a False Positive? (A) The vulnerability involves a required legacy application that cannot be upgraded for 6 months. (B) The affected asset's owner needs a clean vulnerability report today and it will take too long to remediate the finding. (C) The vulnerability applies to an out-of-date version of Debian Linux. However, it is discovered that the asset in question is a Cisco network device not based on Linux. (D) The vulnerability is on a web server and applies to an Apache Tomcat module that is installed but disabled by the asset's administrator with assurances that it will never be enabled.
To improve the reliability of vulnerability detections, VDR uses machine learning techniques in order to identify how frequently a detection mechanism generates false positives, or whether the specific vulnerability has often been identified manually as a false positive in the past (which you can do in the platform). This supervised classification of each vulnerability (confirmed or false positive) is done using a blend of methods that blindly takes user labels and features, and prior expert knowledge, in a statistically-sound ensemble machine learning model, much like a democratic process. When a vulnerability has a high chance of being False Positive, this will slightly affect the CPS, in order to lower the ranking of this specific vulnerability. (C) The vulnerability applies to an out-of-date version of Debian Linux. However, it is discovered that the asset in question is a Cisco network device not based on Linux.
A VDR Analyst is concerned about how long a specific outdated software vulnerability has shown up in scans. Where can the analyst see this visually represented in VDR? (A) The Vulnerability Variation Dashboard panel (B) The VDR AI Dashboard (C) The History tab of the vulnerability (D) The Timeline column in Vulnerabilities tab
Under Vulnerabilities tab (A) The Vulnerability Variation Dashboard panel
The Auto Discovery function finds a new webserver that includes a website (vdrautodiscoveryexample[.]com) that is backed by a SQL database. How many new assets will be created in VDR? (A) - counting the server, website, and database as one asset. (B) 2 - the website counts as one asset, the server, along with the database counts as the second asset. (C) 3 - the website, the server, and the database each count as an asset. (D) 2 - the database counts as one asset, the server, along with the website counts as the second asset.
Using the Search Field (From the Website, Servers, or Auto Discovery View) At the top of each of the views, you will find free-form search field where you can find assets by URL (Websites), IP/Hostname (Servers). The search query will trigger as soon as THREE or more characters are entered. (B) 2 - the website counts as one asset, the server, along with the database counts as the second asset.
A scan finds a vulnerability on an asset in the DMZ, and the CPS scoring is high. VDR is confident in the score based on the detection mechanism reliability. Which prioritization factor does this represent? (A) Asset Context (B) Network Context (C) External Context (D) Vulnerability Properties
Vulnerabilities Properties (D) Vulnerability Properties
When viewing an asset, which tab shows the factors that impacted the vulnerabilities scoring conversion from CVSS to CPS? (A) Vulnerabilities (B) Scoring (C) Factors (D) Details
Vulnerabilities tab -> Scoring Or Dashboard tab -> Contextual Vulnerability Prioritization Distribution panel (B) Scoring
A SOC Team member contacts a VDR Analyst due to alerts raised within the Intrusion Detection System (IDS). The IDS raises alerts that indicate a desktop within the internal IP space at 10.110.25.123 has been compromised and a piece of malware has began trying to exploit a high-value asset. This high-value asset is a Linux host that resides at 172.19.33.142, with databases that contain intellectual property (IP) and personally identifiable information (PII).Before the host can be isolated, encrypted traffic between 10.110.25.123 and 172.19.33.142 is observed with a secondary detection of encrypted traffic from 10.110.25.123 to an external IP source. The concern is that data exfiltration has occurred. The VDR Analyst needs to generate a list of all vulnerabilities detected on this high-value asset. Only vulnerabilities flagged within Taegis VDR as fixed should be excluded. Which steps must the VDR Analyst perform to generate this report?
Vulnerability Risk Prioritization Factors It is possible to create your own PDF or CSV report with the asset content of your choice. Go to the Servers or Websites view and use a selection of filters and/or basic or Advanced search queries to filter the displayed vulnerabilities.
A VDR Analyst wants to see the rate that the organization is remediating vulnerabilities compared to the rate that new vulnerabilities are coming in. Which dashboard should the analyst review?
Vulnerability Variation Panel
