IBM Security AppScan Source Edition Implementation (C2150-810) Free Practice Test
Question 1
Which mechanism is used to share filtered results?
Correct Answer: B
Question 2
You are reviewing a cloud storage locker application that is used to store and share user files and backups. You come across Cross-Site Scripting findings with data coming from several different sources. The customer you are working with is just getting started and is looking for the highest-priority issues only, so you need to focus on the issues that originate from the source that poses the highest risk.
Which source poses the highest risk?
Correct Answer: D
Question 3
When scanning a .NET application, an error is reported. AppScan indicates that source information is not available for a given assembly.
What must be done to fix the error?
Correct Answer: B
Question 4
You are reviewing a thick client application and come upon File Injection findings in a function that opens zip files and extracts data from them, but the customer you are working with tells you that the data is sanitized using a method mySanitizer.validateZip(..). You confirm this and decide to remove this vulnerability and other File Injection findings with sanitized data using the Remove functionality of the Trace section in the Filter Editor.
In which area of the Trace Rule Entry dialog would you add the mySanitizer.validateZip(..) method?
Correct Answer: A
Question 5
You are reviewing an application and discover a method called doSomething() that retrieves and returns data from another system.
Which type of custom rule do you need to create for AppScan Source to properly capture this data?
Correct Answer: B