SAMPLE QUESTIONS for: Test C2150-500, Security Dynamic and Static Applications V2, Fundamentals


Note: The bolded response option is the correct answer.

Item 500.1.1.5
A customer of five years calls on a Saturday afternoon and needs to know which IBM Security solution provides options for executing a static analysis test from the IDE. Which solution is appropriate?
A. IBM Security AppScan Source
B. IBM Security AppScan Standard
C. IBM Security AppScan Enterprise
D. IBM Security AppScan Enterprise for Reporting

Item 500.1.1.6
During an exploratory meeting, a customer says they know about IBM's DAST/SAST offerings but says their manager is looking for something that does black-box analysis. Which two solutions resolve the manager's concern? (Choose two.)
A. IBM Security AppScan Standard Edition
B. IBM Security AppScan Glass Box Testing
C. IBM Security AppScan Enterprise Edition
D. IBM Security AppScan Source for Automation
E. IBM Security AppScan Source for Development

Item 500.1.3.1
As a current user of IBM Security AppScan Source, the Associate Solution Advisor is training a new developer about the various types of built-in IBM Security AppScan Enterprise reports. Which three report types should be covered in this training? (Choose three.)
A. CSV reports
B. Risk Matrix reports
C. Delta analysis reports
D. Industry Standard reports
E. Audit Compliance reports
F. Regulatory Compliance reports

Item 500.1.4.1
A professional is tasked with integrating IBM Security AppScan Source for Analysis with a prospective enterprise bug tracking system that their IT department is looking to invest in. Which three bug/defect tracking tools should the Associate Solution Advisor recommend? (Choose three.)
A. Bugzilla
B. FogBugz
C. Atlassian JIRA
D. HP Quality Center
E. Rational ClearQuest
F. Team Foundation Server

Item 500.1.5.1
Which view in IBM Security AppScan Source for Analysis is helpful if one does not understand how to fix a vulnerability identified by AppScan Source?
A. Explorer View
B. Properties View
C. Fixed/Missing Findings View
D. Remediation Assistance View

Item 500.1.5.6
Which IBM Security AppScan Source feature can display general vulnerability and remediation information within AppScan Source or in a web browser?
A. Bundles
B. Web File
C. Scan Configuration
D. Security Knowledgebase

Item 500.1.6.4
A packet sniffer is used to hijack popular social media web sessions. The lack of which control mechanism makes this possible?
A. Session timeout
B. Secure flag on session cookies
C. HTTPOnly flag on session cookies
D. Path configuration on session cookies

Item 500.2.1.2
In which quadrant has the Gartner Magic Quadrant for Application Security Testing placed AppScan currently?
A. Leaders
B. Visionaries
C. Champions
D. Challengers

Item 500.2.3.5
The IBM Security AppScan Enterprise Issue Management functionality helps manage issues that are important to an organization's security process workflow. What are three valid issue classification settings in AppScan Enterprise? (Choose three.)
A. Fixed
B. Noise
C. Closed
D. Archived
E. Validated
F. Reopened

Item 500.4.1.6
Which IBM Security AppScan Source component can be used to automate the generation of AppScan Source project files for projects that use Makefiles?
A. Ounce/Make
B. Eclipse plugin
C. Visual Studio plugin
D. IBM Security AppScan Source for Automation

Item 500.4.2.4
Management has finally realized the need for increased awareness of application security throughout the enterprise. Management has requested monthly code scans to be integrated into the organization's SDLC. Management wants to be able to queue requests to scan and publish assessments and generate reports on application security code. Which IBM Security AppScan Source component must be used to satisfy their requirements?
A. IBM Security AppScan Source for Automation
B. IBM Security AppScan Source for Development
C. IBM Security AppScan Source Data Access API
D. IBM Security AppScan Source for Jenkins CI Server

Item 500.4.3.4
Which activity is completed using an IBM Security AppScan Source for Developer license in the SDLC process?
A. View and generate reports of prior scans
B. Create a scan configuration file for the development team
C. Create custom rules and publish issues found during a prior scan using the IDE plugin
D. Review and fix the issues found during a prior scan and then execute a scan using the IDE plugin

Item 500.4.4.3
A development team uses Rational Application Developer for WebSphere Software (RAD) to develop its Java application. The security team has access to the development workspace and plans to begin scanning the application with IBM Security AppScan Source for Analysis. Which IBM Security AppScan Source feature can the security team use to produce the necessary scan configuration files within AppScan Source for Analysis?
A. RAD Configuration Editor
B. Scan Configuration Importer
C. Eclipse Workspace Importer
D. AppScan Source for Remediation

Item 500.4.4.5
A customer plans to develop new iOS mobile applications and wants its developers to be able to scan new applications with IBM Security AppScan Source. Which two development tools should the Associate Solution Advisor recommend? (Choose two.)
A. Eclipse
B. IntelliJ IDEA
C. Visual Studio
D. Android AIDE
E. IBM Worklight

Item 500.4.5.3
A customer wants to invoke scans of the application code from Windows or Linux scripts. The customer wants to do as little customization as possible to achieve this goal. Which IBM Security AppScan Source component should be used?
A. Ounce/Maven plugin
B. Ounce/Make build utility
C. IBM Security AppScan Source CLI
D. IBM Security AppScan Source Data Access API

Item 500.4.6.1
The IBM Security AppScan Source Data Access API (for SAST) is installed to which default location on disk, where <install_dir> is the location of the AppScan Source installation?
A. <install_dir>\sdk\apisdk.jar
B. <install_dir>\sdk\ouncesdk.jar
C. <install_dir>\sdk\dataaccess.jar
D. <install_dir>\sdk\appscansdk.jar

Item 500.5.2.7
A new QA tester has joined the product team with responsibilities that include configuring and running periodic AppScan scans. The internal organizational documented processes clearly state not to run AppScan against a live production environment. Why is this the case? (Choose three.)
A. Risk of account lockout
B. Risk of database corruption
C. Risk of decreased performance
D. Risk of embarrassing developers
E. Risk of discovering unfixable vulnerabilities
F. Risk of random file deletion

Item 500.5.4.3
Which two languages can be scanned by IBM Security AppScan Source installed on a Linux platform? (Choose two.)
A. PHP
B. .NET
C. Android
D. Objective C
E. Visual Basic

Item 500.7.3.3
A company has just launched a large online web application that allows its customers to purchase products online using credit cards. Which compliance program must the company use?
A. Sarbanes-Oxley (SOX)
B. Federal Information Security Management (FISMA)
C. Health Insurance Portability and Accountability (HIPAA)
D. The Payment Card Industry Data Security Standard (PCI-DSS)

Item 500.8.1.4
Which three types of licensing models are available for AppScan products? (Choose three.)
A. Token
B. Floating
C. Umbrella
D. Enterprise
E. Authorized
F. PVU based (Processor Value Unit)

Item 500.8.2.7
A customer has 25 team members but expects no more than 10 team members to use IBM Security AppScan Source at a time. The customer wants to buy the fewest number of licenses to meet its needs. Which type of IBM Security AppScan Enterprise license should the Associate Solution Advisor recommend?
A. Floating User License
B. Premium User License
C. Enterprise User License
D. Authorized User License

Item 500.8.2.8
A customer's security team will be scanning its organization's applications and sending the results to developers. The organization's developers want to open assessment files, analyze the results, and fix issues, but not scan from within Visual Studio. Which IBM Security AppScan Source license should the Associate Solution Advisor recommend for the developers?
A. IBM Security AppScan Source Edition for Analysis
B. IBM Security AppScan Source Edition for Developer
C. IBM Security AppScan Source Edition for Automation
D. IBM Security AppScan Source Edition for Remediation