100+ Free Qualys PM Practice Questions

Pass your Qualys Certified Specialist — Patch Management exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

~70–80% Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

A global company wants endpoints to patch at 2:00 AM in each endpoint's local time. Which scheduling behavior should they use?

Use a fixed GMT offset so every endpoint starts simultaneously

Use the Reports tab to stagger job start times

Use the default Agent time zone scheduling behavior

Use On-Demand scheduling and wait for users to sign in

to track

Same family resources

Explore More Qualys Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Qualys Certified Specialist — PCI Compliance

Practice Questions100 questions

Qualys Certified Specialist — VMDR

Practice Questions100 questions

2026 Statistics

Key Facts: Qualys PM Exam

30–40

Exam Questions

Qualys

75%

Passing Score

Qualys

60 min

Exam Duration

Qualys

Free

Exam Fee

Qualys (for customers)

2 years

Certification Validity

Qualys

3 OS

Platform Support

Windows, Linux, macOS

The Qualys PM exam has 30–40 questions in 60 minutes with a 75% passing score. Core domains: Cloud Agent deployment (20–25%), patch catalog and assessment (20–25%), deployment jobs (30–35%), deployment policies (15–20%), and reporting/verification (10–15%). Free for Qualys customers.

Sample Qualys PM Practice Questions

Try these sample questions to test your Qualys PM exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1What is the primary role of the Qualys Cloud Agent in the Patch Management module?

A.To assess the endpoint for missing patches and deploy approved patches as directed by patch jobs

B.To perform network-based scanning to identify missing patches across all hosts

C.To manage the Qualys patch catalog by downloading patches from vendor sites

D.To provide a web interface for security analysts to approve patches before deployment

Explanation: The Qualys Cloud Agent serves dual functions in Patch Management: it continuously assesses the endpoint for missing patches (comparing installed software/OS against the Qualys Patch Catalog) and executes patch deployment jobs by downloading and installing approved patches locally. The agent must be active and checking in for both assessment and deployment to function.

2Which operating systems are supported by the Qualys Patch Management module?

A.Windows (Windows 7/Server 2008 and later), Linux distributions (RHEL, Ubuntu, Debian, SUSE, Amazon Linux), and macOS

B.Windows only; Linux and macOS require third-party patch management tools

C.Windows and Linux only; macOS is not supported by Qualys Patch Management

D.All platforms including iOS, Android, and Windows IoT in addition to desktop OS

Explanation: Qualys Patch Management supports the three major endpoint OS platforms: Windows (Windows 7, 8.1, 10, 11, Windows Server 2008 R2 through current), major Linux distributions (Red Hat Enterprise Linux, CentOS, Ubuntu, Debian, SUSE Linux Enterprise, Amazon Linux), and macOS. Patch coverage extends to both OS-level patches and third-party application updates.

3What is an 'Activation Key' in Qualys Cloud Agent deployment?

A.A token used during agent installation that registers the agent to a specific Qualys subscription and assigns it default configuration profiles

B.An API key used by the Qualys console to communicate with Cloud Agents over HTTPS

C.An encryption key that protects patch files during download from the Qualys patch repository

D.A license key required to enable Patch Management features in the Qualys Cloud Platform

Explanation: An Activation Key (also called an Agent Activation Key) is generated in the Qualys console and embedded in the agent installer or installation command. When the agent runs for the first time, it uses the key to register with the Qualys Cloud Platform, automatically associating itself with the correct subscription, applying the assigned Cloud Agent Configuration Profile, and starting assessments.

4In Qualys Patch Management, what is the 'Qualys Patch Catalog' and how does it work?

A.A curated database of patches for Windows, Linux, and macOS maintained by Qualys, used to identify missing patches and obtain patch content for deployment

B.A customer-maintained list of approved patches that overrides Qualys's default patch recommendations

C.A live feed of patches from Microsoft WSUS, Red Hat Satellite, and Apple Software Update servers

D.A historical archive of all patches ever released, used only for compliance reporting purposes

Explanation: The Qualys Patch Catalog is Qualys's centralized, continuously updated database of patches from Microsoft (cumulative updates, security patches), Linux package repositories (RHEL, Ubuntu, etc.), and macOS updates. When the Cloud Agent reports installed software versions, Qualys compares against the Catalog to identify missing patches. For deployments, Qualys downloads patch content and distributes it via its Patch Delivery Service.

5In Qualys Patch Management, what is the relationship between a QID and a patch?

A.Each QID representing a missing patch links to specific patch content in the Qualys Patch Catalog, enabling direct deployment via Patch Management without data re-entry

B.QIDs are VMDR-only identifiers; Patch Management uses separate 'Patch IDs' without a QID relationship

C.A QID represents the vulnerability remediated by multiple possible patches; the analyst must manually select which patch to deploy

D.QIDs are automatically assigned to patch content by Microsoft when security updates are published

Explanation: The QID system is the unifying thread between Qualys VMDR and Patch Management. When VMDR detects a missing patch (QID for a specific OS/application patch), that same QID maps to deployable patch content in the Patch Catalog. A Patch Management job can target specific QIDs from VMDR findings, creating a direct detect-to-deploy workflow without manual data re-entry.

6What is a 'Deployment Job' in Qualys Patch Management?

A.A configured task defining which patches to deploy, which assets to target, when to deploy (maintenance window), and how to handle reboots

B.A background process that automatically scans assets for new vulnerabilities after each patch deployment

C.A scheduled report that shows which patches have been deployed to which assets

D.A workflow approval process requiring manager sign-off before patches can be installed

Explanation: A Deployment Job is the core object in Qualys Patch Management that orchestrates patch deployment. It defines: patch selection filters (which QIDs, severity levels, or specific patches), asset targeting (by asset tags, IP ranges), timing (maintenance window schedule), reboot behavior (suppress reboot, force reboot after window, follow Windows Update settings), and notification settings.

7What is the purpose of a 'Maintenance Window' in a Qualys Patch Management deployment job?

A.To restrict patch installation and reboots to specific days and time windows, preventing disruption during business hours

B.To schedule when Qualys performs vulnerability scans to identify missing patches

C.To define the time period during which Qualys support is available for patch deployment assistance

D.To pause patch downloads when network bandwidth is limited during peak hours

Explanation: A Maintenance Window in a Qualys Patch Management job defines the specific days of the week (e.g., Saturday/Sunday) and hours (e.g., 02:00–06:00) during which patches can be installed on target assets. If the maintenance window is configured with a reboot option, machines will only reboot during these designated hours, protecting business operations from unplanned downtime.

8In Qualys Patch Management, what does using 'Asset Tags' for job targeting enable?

A.Patch jobs automatically apply to all assets matching the tag criteria, including newly discovered assets that receive the tag after the job is created

B.Asset tags restrict patch jobs to deploy only OS patches for the tagged asset's operating system

C.Asset tags allow bypassing maintenance windows for emergency patching on tagged critical assets

D.Asset tags determine the order in which patches are installed across multiple assets

Explanation: Using Asset Tags for deployment job targeting makes patch jobs dynamic: when a new asset is provisioned (a new server, a new VM) and receives the appropriate tag (e.g., 'Windows-Production-Server'), it automatically becomes a target for all existing deployment jobs scoped to that tag. This eliminates manual job updates when the asset inventory changes.

9What reboot option in a Qualys Patch Management job ensures endpoints reboot within the maintenance window regardless of user activity?

A.Force Reboot: reboots the machine at the end of the maintenance window even if the user is logged in

B.Suppress Reboot: prevents any reboot from occurring, allowing users to choose when to restart

C.Intelligent Reboot: reboots only when no user is actively logged in

D.Deferred Reboot: schedules the reboot for the next maintenance window after the current one

Explanation: The Force Reboot option in Qualys Patch Management forces the endpoint to reboot at the end of the maintenance window regardless of whether users are logged in or have unsaved work. This ensures patch activation (many patches require a reboot to apply kernel-level changes) happens within the controlled maintenance window rather than deferring indefinitely when users keep postponing reboots.

10In Qualys Patch Management, what does adding a patch to the 'Exclusions' list in a deployment job do?

A.It prevents that specific patch from being deployed by that job, even if the patch otherwise meets all of the job's patch selection criteria

B.It excludes assets tagged with 'Exclusions' from receiving any patches in the job

C.It marks the patch as accepted risk in VMDR, removing it from vulnerability dashboards

D.It excludes the patch from future QID detection in Qualys VMDR scan results

Explanation: The Exclusions list in a Qualys Patch Management job is a blocklist for specific patches. If a patch is in the exclusions list, it will not be deployed by that job even if the patch matches all other selection criteria (e.g., it meets the severity filter and the asset has it missing). This is used to prevent known-problematic patches from being deployed automatically.

About the Qualys PM Exam

The Qualys Certified Specialist Patch Management exam validates expertise in deploying and managing patches using the Qualys Patch Management module. It covers Cloud Agent deployment, patch catalog and QID-to-patch mapping, deployment job configuration with maintenance windows and exclusions, deployment policies with auto-approval, and compliance reporting.

Questions

35 scored questions

Time Limit

60 minutes

Passing Score

75%

Exam Fee

Free (Qualys)

Qualys PM Exam Content Outline

20–25%

Qualys Cloud Agent Deployment

Cloud Agent installation (MSI, RPM, DEB, PKG), activation keys, agent provisioning keys, proxy configuration, Cloud Agent profile assignment, platform support (Windows 7+, RHEL, Ubuntu, macOS), and agent status monitoring

20–25%

Patch Catalog & Assessment

Qualys Patch Catalog (Windows, Linux, macOS patches), QID-to-patch mapping, patch severity classifications, missing patch detection logic, assessment job scheduling, and patch knowledge base updates

30–35%

Patch Deployment Jobs

Deployment job wizard, patch selection filters (OS, vendor, severity, individual QID, CVE), tag-based asset targeting, maintenance window configuration (days, hours, recurrence), reboot options (suppress reboot, force reboot after window), exclusion lists, and job scheduling (immediate, scheduled, recurring)

15–20%

Deployment Policies

Patch deployment policy configuration, automatic patch approval rules, patch rollback support, exception management, whitelist/blacklist patches, and policy assignment to asset tags

10–15%

Reporting & Verification

Patch compliance dashboard, deployment job results (installed, failed, pending), fix verification scan post-deployment, patch SLA tracking, and executive summary reports

How to Pass the Qualys PM Exam

What You Need to Know

Passing score: 75%
Exam length: 35 questions
Time limit: 60 minutes
Exam fee: Free

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

Qualys PM Study Tips from Top Performers

1Deployment jobs use tag-based asset targeting — know how asset tags work in the Qualys Cloud Platform

2Maintenance windows control WHEN patches deploy — reboot behavior is also set here

3Deployment policies enable automatic patch approval, reducing manual steps for recurring patch cycles

4QIDs link vulnerability data (VMDR) to patch data (Patch Management) — the same QID appears in both modules

5Cloud Agent must be active and checking in for patch deployment to work — understand agent status monitoring

6Patch exclusions prevent specific patches from being deployed even when they meet job criteria

7Post-deployment fix verification scanning confirms patches were applied successfully by re-running assessment

Frequently Asked Questions

What is Qualys Patch Management?

Qualys Patch Management is a cloud-based module that enables automated patch discovery, assessment, and deployment across Windows, Linux, and macOS endpoints using the Qualys Cloud Agent. It integrates directly with VMDR so discovered missing patches can be remediated without switching tools.

How does Qualys identify missing patches?

The Qualys Cloud Agent continuously assesses the endpoint and compares installed software/OS versions against the Qualys Patch Catalog. Each missing patch is mapped to a QID so the vulnerability and patch data appear together in VMDR, enabling a single workflow from detection to remediation.

What is a maintenance window in a Qualys deployment job?

A maintenance window defines the date range, days of week, and hours during which a deployment job can push patches to target assets. Patches are only applied within the window, preventing patching during business-critical hours. If a patch requires a reboot, reboot behavior is also configured within the maintenance window settings.

What is a Qualys deployment policy?

A deployment policy defines rules for automatic patch approval and deployment to a set of assets. Policies can auto-approve patches meeting criteria (e.g., critical severity, specific vendor) and schedule recurring deployments, reducing manual intervention for routine patch cycles.

What platforms does Qualys Patch Management support?

Qualys Patch Management supports Windows (Windows 7/Server 2008 and later), Linux distributions (RHEL, CentOS, Ubuntu, Debian, SUSE, Amazon Linux), and macOS. The Cloud Agent must be installed and active on the endpoint for patch deployment to function.

How should I prepare for the Qualys Patch Management exam?

Complete the free Qualys training courses on Patch Management, practice building deployment jobs in a lab or trial environment, understand the relationship between QIDs and patch catalog entries, focus on maintenance window and reboot configuration scenarios, and complete 100+ practice questions across all five domains.