Vendor: IBM
Exam Code: C2150-057
Exam Name: AppScan Source Edition
QUESTION 1
Which approach to security testing is covered by AppScan Source Edition?
A. manual
B. black box
C. white box
D. gray box
Answer: C
QUESTION 2
In which deployment configuration do developers routinely scan their code from an IDE plug-in at their own convenience?
A. Late Stage
B. Low Touch
C. Center of Excellence
D. Mature Deployment LDAP
Answer: B
QUESTION 3
Which three operating systems support all of the client components of AppScan Source Edition? (Choose three.)
A. OS X
B. Solaris
C. Windows 7
D. Windows XP
E. Red Hat Enterprise Linux
Answer: CDE
QUESTION 4
Which company offers the primary competition to AppScan Source Edition?
A. Fortify/HP
B. Veracode
C. Microsoft
D. Compuware
Answer: A
QUESTION 5
Why are users not able to create custom rules, set validators, and perform issue management from the IDE plug-ins?
A. because these tasks should be performed by specialists and applied consistently by all users
B. because rules and validators are not configurable
C. because this planned functionality has not yet been extended to the plug-ins
D. because the plug-ins do not communicate directly with the AppScan Core
Answer: A
QUESTION 6
What is HTTP response splitting?
A. changing Web pages in the cache to attack users
B. overloading a server with excess information
C. altering information, such as product prices, in hidden fields
D. modifying cookies to gain access to other users’ accounts
Answer: A
QUESTION 7
What is the first step that should be taken once the Standard Desktop installation has completed?
A. set the admin password
B. create the database user
C. import custom filters
D. import an application or environment
Answer: A
QUESTION 8
Which two statements are true about custom rules and markup? (Choose two.)
A. Users can create their own checks in any file using regular expressions and other techniques through a configuration screen.
B. Users can mark up third-party libraries and custom code to determine which vulnerabilities they are concerned about.
C. AppScan Source does not ship with markup for standard libraries and common frameworks, so users will need to mark up all libraries and methods they want as sources/sinks in order to get effective scan results.
D. Users can mark up any file from IDE plug-ins or from a configuration screen in AppScan Source for Security.
Answer: AB
QUESTION 9
Which customer situation signals a good opportunity for AppScan Source Edition?
A. They have an in-house team of security specialists.
B. They are looking for the solution with the lowest price.
C. Their application is just entering production.
D. They are short on time due to delays in application development.
Answer: A
QUESTION 10
From which three places can remediation information be accessed for a finding? (Choose three.)
A. from the IDE using a developer plug-in
B. from the Analysis view in the Security Interface
C. from the Reporting Console
D. from the AppScan Knowledgebase Web site
E. from the Triage view in the Security Interface
Answer: ABC
20% Free Updated Passleader IBM C2150-057 Certification Dumps