SAMPLE QUESTIONS for: Test C2150-500, Security Dynamic and Static Applications V2, Fundamentals

Note: The bolded response option is the correct answer.

Item 500.1.1.5
A customer of five years calls on a Saturday afternoon and needs to know which IBM Security solution provides options for executing a static analysis test from the IDE. Which solution is appropriate?
A. IBM Security AppScan Source
B. IBM Security AppScan Standard
C. IBM Security AppScan Enterprise
D. IBM Security AppScan Enterprise for Reporting

Item 500.1.1.6
During an exploratory meeting, a customer says they know about IBM's DAST/SAST offerings, but their manager is looking for something that does black-box analysis. Which two solutions resolve the manager's concern? (Choose two.)
A. IBM Security AppScan Standard Edition
B. IBM Security AppScan Glass Box Testing
C. IBM Security AppScan Enterprise Edition
D. IBM Security AppScan Source for Automation
E. IBM Security AppScan Source for Development

Item 500.1.3.1
As a current user of IBM Security AppScan Source, the Associate Solution Advisor is training a new developer about the various types of built-in IBM Security AppScan Enterprise reports. Which three report types should be covered in this training? (Choose three.)
A. CSV reports
B. Risk Matrix reports
C. Delta analysis reports
D. Industry Standard reports
E. Audit Compliance reports
F. Regulatory Compliance reports

Item 500.1.4.1
A professional is tasked with integrating IBM Security AppScan Source for Analysis with a prospective enterprise bug tracking system that their IT department is looking to invest in. Which three bug/defect tracking tools should the Associate Solution Advisor recommend? (Choose three.)
A. Bugzilla
B. FogBugz
C. Atlassian JIRA
D. HP Quality Center
E. Rational ClearQuest
F. Team Foundation Server

Item 500.1.5.1
Which view in IBM Security AppScan Source for Analysis is helpful if one does not understand how to fix a vulnerability identified by AppScan Source?
A. Explorer View
B. Properties View
C. Fixed/Missing Findings View
D. Remediation Assistance View

Item 500.1.5.6
Which IBM Security AppScan Source feature can display general vulnerability and remediation information within AppScan Source or in a web browser?
A. Bundles
B. Web File
C. Scan Configuration
D. Security Knowledgebase

Item 500.1.6.4
A packet sniffer is used to hijack popular social media web sessions. The lack of which control mechanism makes this possible?
A. Session timeout
B. Secure flag on session cookies
C. HTTPOnly flag on session cookies
D. Path configuration on session cookies

Item 500.2.1.2
In which quadrant has the Gartner Magic Quadrant for Application Security Testing placed AppScan currently?
A. Leaders
B. Visionaries
C. Champions
D. Challengers

Item 500.2.3.5
The IBM Security AppScan Enterprise Issue Management functionality helps manage issues that are important to an organization's security process workflow. What are three valid issue classification settings in AppScan Enterprise? (Choose three.)
A. Fixed
B. Noise
C. Closed
D. Archived
E. Validated
F. Reopened

Item 500.4.1.6
Which IBM Security AppScan Source component can be used to automate the generation of AppScan Source project files for projects that use Makefiles?
A. Ounce/Make
B. Eclipse plugin
C. Visual Studio plugin
D. IBM Security AppScan Source for Automation

Item 500.4.2.4
Management has finally realized the need for increased awareness of application security throughout the enterprise. Management has requested monthly code scans to be integrated into the organization's SDLC. Management wants to be able to queue scan requests, publish assessments, and generate reports on application security code. Which IBM Security AppScan Source component must be used to satisfy these requirements?
A. IBM Security AppScan Source for Automation
B. IBM Security AppScan Source for Development
C. IBM Security AppScan Source Data Access API
D. IBM Security AppScan Source for Jenkins CI Server

Item 500.4.3.4
Which activity is completed using an IBM Security AppScan Source for Developer license in the SDLC process?
A. View and generate reports of prior scans
B. Create a scan configuration file for the development team
C. Create custom rules and publish issues found during a prior scan using the IDE plugin
D. Review and fix the issues found during a prior scan and then execute a scan using the IDE plugin

Item 500.4.4.3
A development team uses Rational Application Developer for WebSphere Software (RAD) to develop its Java application. The security team has access to the development workspace and plans to begin scanning the application with IBM Security AppScan Source for Analysis. Which IBM Security AppScan Source feature can the security team use to produce the necessary scan configuration files within AppScan Source for Analysis?
A. RAD Configuration Editor
B. Scan Configuration Importer
C. Eclipse Workspace Importer
D. AppScan Source for Remediation

Item 500.4.4.5
A customer plans to develop new iOS mobile applications and wants its developers to be able to scan new applications with IBM Security AppScan Source. Which two development tools should the Associate Solution Advisor recommend? (Choose two.)
A. Eclipse
B. IntelliJ IDEA
C. Visual Studio
D. Android AIDE
E. IBM Worklight

Item 500.4.5.3
A customer wants to invoke scans of the application code from Windows or Linux scripts. The customer wants to do as little customization as possible to achieve this goal. Which IBM Security AppScan Source component should be used?
A. Ounce/Maven plugin
B. Ounce/Make build utility
C. IBM Security AppScan Source CLI
D. IBM Security AppScan Source Data Access API

Item 500.4.6.1
The IBM Security AppScan Source Data Access API (for SAST) is installed to which default location on disk, where <install_dir> is the location of the AppScan Source installation?
A. <install_dir>\sdk\apisdk.jar
B. <install_dir>\sdk\ouncesdk.jar
C. <install_dir>\sdk\dataaccess.jar
D. <install_dir>\sdk\appscansdk.jar

Item 500.5.2.7
A new QA tester has joined the product team with responsibilities that include configuring and running periodic AppScan scans. The organization's documented internal processes clearly state not to run AppScan against a live production environment. Why is this the case? (Choose three.)
A. Risk of account lockout
B. Risk of database corruption
C. Risk of decreased performance
D. Risk of embarrassing developers
E. Risk of discovering unfixable vulnerabilities
F. Risk of random file deletion

Item 500.5.4.3
Which two languages can be scanned by IBM Security AppScan Source installed on a Linux platform? (Choose two.)
A. PHP
B. .NET
C. Android
D. Objective C
E. Visual Basic

Item 500.7.3.3
A company has just launched a large online web application that allows its customers to purchase products online using credit cards. Which compliance program must the company use?
A. Sarbanes-Oxley (SOX)
B. Federal Information Security Management Act (FISMA)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. The Payment Card Industry Data Security Standard (PCI-DSS)

Item 500.8.1.4
Which three types of licensing models are available for AppScan products? (Choose three.)
A. Token
B. Floating
C. Umbrella
D. Enterprise
E. Authorized
F. PVU based (Processor Value Unit)

Item 500.8.2.7
A customer has 25 team members but expects no more than 10 team members to use IBM Security AppScan Source at a time. The customer wants to buy the fewest number of licenses to meet its needs. Which type of IBM Security AppScan Enterprise license should the Associate Solution Advisor recommend?
A. Floating User License
B. Premium User License
C. Enterprise User License
D. Authorized User License

Item 500.8.2.8
A customer's security team will be scanning its organization's applications and sending the results to developers. The organization's developers want to open assessment files, analyze the results, and fix issues, but not scan from within Visual Studio. Which IBM Security AppScan Source license should the Associate Solution Advisor recommend for the developers?
A. IBM Security AppScan Source Edition for Analysis
B. IBM Security AppScan Source Edition for Developer
C. IBM Security AppScan Source Edition for Automation
D. IBM Security AppScan Source Edition for Remediation
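Item 500.1.6.4 above is the one technical scenario in this set, so here is an added worked example (written for this page, not code from the exam or from any AppScan product). A session cookie can only be read by a packet sniffer if the browser transmits it in cleartext; the Secure attribute tells the browser never to send the cookie over plain HTTP, while HttpOnly addresses a different threat (script access after XSS) and does nothing against sniffing. The script below parses Set-Cookie response headers and reports session cookies that lack these attributes. The session-name heuristics, the function names and the sample headers are all constructed for the example, not taken from any scanner rule set.

```python
"""Audit Set-Cookie headers for the attributes that blunt session hijacking.

Constructed example: a minimal Set-Cookie parser plus a check that flags
session cookies missing Secure (cookie would be sent over plaintext HTTP,
where a packet sniffer can read it), HttpOnly (cookie readable by injected
script) or SameSite (cookie sent on cross-site requests).
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Substrings that commonly identify a session cookie. This list is a heuristic
# assumed for the example, not a rule from any product.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "jsessionid", "phpsessid")


@dataclass
class Cookie:
    name: str
    value: str
    # lowercase attribute name -> value, or True for flag attributes (Secure, HttpOnly)
    attrs: dict = field(default_factory=dict)

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    def looks_like_session(self) -> bool:
        n = self.name.lower()
        return any(hint in n for hint in SESSION_NAME_HINTS)


def parse_set_cookie(header_value: str) -> Cookie:
    """Parse one Set-Cookie header value: name=value; attr; attr=val ..."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        cookie.attrs[key.strip().lower()] = val.strip() if val else True
    return cookie


def audit_cookies(set_cookie_headers: list[str]) -> dict[str, list[str]]:
    """Return {cookie name: [findings]} for session cookies lacking hijack protections."""
    findings: dict[str, list[str]] = {}
    for header_value in set_cookie_headers:
        cookie = parse_set_cookie(header_value)
        if not cookie.looks_like_session():
            continue  # only session-bearing cookies matter for hijacking
        problems = []
        if not cookie.secure:
            problems.append("missing Secure: sent over plaintext HTTP, sniffable on the wire")
        if not cookie.httponly:
            problems.append("missing HttpOnly: readable by injected script (XSS)")
        if "samesite" not in cookie.attrs:
            problems.append("missing SameSite: sent on cross-site requests (CSRF)")
        if problems:
            findings[cookie.name] = problems
    return findings


# Constructed sample response headers; not captured from any real site.
SAMPLE_HEADERS = [
    "JSESSIONID=8A3F2C1D9E; Path=/; HttpOnly",                    # session cookie, no Secure
    "auth_token=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  # hardened
    "theme=dark; Path=/; Max-Age=31536000",                       # not a session cookie
]

if __name__ == "__main__":
    for cookie_name, problems in audit_cookies(SAMPLE_HEADERS).items():
        for problem in problems:
            print(f"{cookie_name}: {problem}")
```

Running it against the sample headers reports only JSESSIONID, for the missing Secure and SameSite attributes; auth_token carries all three and the theme cookie is skipped as non-session. In practice the same check belongs in a post-deployment test that fetches the login response over HTTPS, since a cookie that is correct in the application's code can still lose its Secure attribute behind a TLS-terminating proxy that rewrites headers.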