IBM C2150-810 Exam - IBM Security AppScan Source Edition Implementation

Questions & Answers for IBM C2150-810

Showing 1-15 of 50 Questions

Question #1

Which statement is true about AppScan Source's defect tracking system integration?

A. It can be used to submit one or more findings in a single defect entry.

B. It can be used to submit one or more bundles in a single defect entry.

C. It can be used to update finding status in AppScan Source from a defect entry.

D. It can be used to submit defects during unattended scans using AppScan Source for Automation.

Reference: http://pic.dhe.ibm.com/infocenter/appsrc/v8r6/index.jsp

Question #2

What is the "Automatic Propagator Markup" advanced setting in the Scan Configuration view?

A. It marks all sinks as "taint propagators".

B. It marks all sources as "taint propagators".

C. It marks all lost sinks as "taint propagators".

D. It marks all lost sources as "taint propagators".

Reference: https://www.google.com.pk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CBsQFjAA&url=http%3A%2F%2Fwww.ibm.com%2Fsupport%2Fdocview.wss%3Fuid%3Dswg21667599&ei=G5v8U5_iJsmH4gTGi4H4Cw&usg=AFQjCNFHuUIt0DWnThoe5IAs-rFDPJfbPg

Question #3

Which view in the Visual Studio IDE Plugin allows a user to focus on results in which they
are interested?

A. Trace View

B. Filters View

C. Define Variables View

D. Customer Rules View

Reference: http://pic.dhe.ibm.com/infocenter/appsrc/v8r6/topic/com.ibm.security.appscansrc.infocenter.nav.doc/pdf/Security_AppScan_Source_Analysis.pdf (see filter overview, second paragraph, page 83).

Question #4

Which two methods can be used to resolve Unresolved Include Expressions?

A. Adding additional Scan Rules

B. Adding additional search and replace rules

C. Adding additional PHP Document Roots to the project

D. Adding additional source files in the project properties menu

E. Adding additional directories that contain PHP include files to the include path

Question #5

You are reviewing a banking application and find a lost sink method called
performTransaction(...) that sends requested transaction information (bill payment,
funds transfer, etc.) to the back-end COBOL application running on an IBM System z
mainframe that actually moves the money.
Which type of custom rule should you create for this method?

A. Sink

B. Source

C. Taint Propagator

D. Tainted Callback

E. Not Susceptible to Taint

Question #6

You want to scan and bundle the results for a Java application and only have access to
one machine. Which two components must be installed on that machine to execute a scan
and bundle the results?

A. AppScan Enterprise Server

B. AppScan Source for Analysis

C. AppScan Source for Automation

D. AppScan Source for Remediation

E. AppScan Source for Development

Question #7

How are safe sources dismissed during the triage process?

A. Set all the sinks originated from the safe source to NST.

B. Set a Trace filter to remove any findings that originated from the safe source.

C. Set a Classification filter to remove any findings that originated from the safe source.

D. Set a Vulnerability Type filter to remove any findings that originated from the safe source.

Question #8

Which AppScan component is required to create PBSA rules?

A. AppScan Source for Analysis

B. AppScan Source for Automation

C. AppScan Source for Remediation

D. AppScan Source for Development

Question #9

You are reviewing an on-line shopping application and find a lost sink method called
retrieveOrder(...) that is provided by a third-party shopping framework. This method accepts
an order number and in turn provides all information regarding that order, such as items
ordered, shipping and billing address, payment type, etc.
Which type of custom rule should you create for this method?

A. Sink

B. Source

C. Taint Propagator

D. Tainted Callback

E. Not Susceptible to Taint

Question #10

Reports in AppScan Source Edition can be exported in which two formats?

A. pdf

B. xml

C. html

D. Microsoft Excel

E. Microsoft Word

Question #11

How can a user be prevented from creating new custom rules?

A. By deleting the user from AppScan Source

B. By deleting the user from AppScan Enterprise

C. By updating user permissions in AppScan Source

D. By updating user permissions in AppScan Enterprise

Question #12

When scanning a Java Application, the scan fails with Java errors related to missing
components.
Which dialog can help fix the compilation issues?

A. Filter Dialog

B. Project Dependencies

C. Scan Rules and Rule Sets

D. JSP Project Dependencies

Question #13

What is the proper action to take if the attack surface proves to be insufficient?

A. Clear any findings from the excluded bundle

B. Remove all the filters to maximize the findings

C. Perform application profiling to identify any missing sources

D. Make sure scan configuration for single virtual call is set to true

Question #14

Which task allows users to specify a Web Context Root for each generated project using
Ounce/Ant?

A. ounceCli

B. ounceCreateProject

C. ounce.project_name

D. ounce.build.compiler

Reference: https://www-01.ibm.com/support/knowledgecenter/SSS9LM_9.0.0/com.ibm.rational.appscansrc.utilities.doc/topics/ounce_ant_integration_properties_setting.html?lang=en

Question #15

You are scanning a thick client application that receives data over a custom TCP/IP
protocol provided by the application's framework method
AppComm.getReceivedMessage().
Which rule would you create for this method to capture and trace the incoming data?

A. Sink

B. Source

C. Taint Propagator

D. Not Susceptible to Taint
