
IBM.braindumps.C2150 199.v2015!03!27.by.duane.45q Unprotected


www.vceplus.com - Website designed to help IT pros advance their careers - Born to Learn

BrainDumps.C2150-199_45,questions

Number: C2150-199
Passing Score: 800
Time Limit: 120 min
File Version: 19.04

The questions in the dump are fantastic, the test will take different versions of the questions and display the answers differently.

The information provided in braindumps is only the information that could be remembered.

Brain dumps do not hinder your ability to learn the material.

Braindumps have been used in the past, and I can honestly say they helped me pass some exams. Now there have been many changes and additions.

Good explanations are provided, and references have been added to most of the questions.

Video Training (PHP, PYTHON, JAVA, Nodejs, .NET, UX UI, SECURITY, ANDROID, IOS ..SEO, BITCOIN, YOUTUBE, FACEBOOK..) & Dumps & Student Guide (Cisco, Vmware, Oracle, REDHAT LINUX ..) & Workshop Update Daily https://goo.gl/VVmVZ0


Exam A

QUESTION 1
Which login method does NOT support in-session detection?

A. None
B. Prompt
C. Recorded
D. Automatic

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which framework does IBM Security AppScan Standard Edition require to be installed?

A. GWT
B. Java SDK
C. Windows MVC
D. .NET framework

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
You just updated the error page for the application.

When will that update affect the scan results?

A. Immediately
B. After the next time you open the scan
C. After you click "Apply to Current Results"
D. After the next scan of the same application

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Where would you configure AppScan to identify itself, and the exact stage of the scan, in each HTTP request?

A. Custom Headers identify as AppScan
B. Custom Headers > Include AppScan debug headers in all requests
C. Advanced Configuration View > Include AppScan debug headers in all requests
D. Advanced Custom Parameters > Include AppScan debug headers in all requests

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
answer is corrected.

QUESTION 5
Upon reviewing the URLs that IBM Security AppScan Standard Edition discovered during an automatic explore, you find that the registration success page was not discovered while the registration page itself was.

Which tool allows you to resolve this issue?

A. Manual Explore
B. Legacy Explore
C. Multiphase Explore
D. Web service Explore

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 6
How do you remove sensitive information from the scan logs?

A. Disable scan logs
B. Disable request/response logging
C. Enable Sanitize logs in advanced configuration
D. Use the Customize Scan Log to disable sensitive information

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 7
How can IBM Security AppScan Standard Edition automatically create a navigation structure?

A. By reading the site map
B. By analyzing web server responses
C. By following manual explore steps to build
D. By analyzing breadcrumbs and extrapolating content

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 8
An application you have been tasked with testing uses JavaScript or Java applets that reveal certain parts of the application only when states (such as Hover and Mouse Over) follow each other in a specific order.

Which tool would allow for these parts of the application to be tested in IBM Security AppScan Standard Edition?

A. Scan Expert
B. Manual Explore
C. Scan Scheduler
D. Automatic Explore

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 9
You need a template-based report of all the issue IDs and variants found by a scan.

How should you create this?

A. «AS:IssueTypeRepeaterStart» «AS:IssueRepeaterStart» «AS:VariantID» «AS:VariantTestRequest» «AS:IssueRepeaterEnd» «AS:IssueTypeRepeaterEnd»
B. «AS:IssueTypeRepeaterStart» «AS:VariantID» «AS:VariantTestRequest» «AS:IssueTypeRepeaterEnd»
C. «AS:IssueTypeRepeaterStart» «AS:RemediationRepeaterStart» «AS:VariantID» «AS:VariantTestRequest» «AS:RemediationRepeaterEnd» «AS:IssueTypeRepeaterEnd»
D. «AS:IssueTypeRepeaterStart» «AS:VulnerableRepeaterStart» «AS:VariantID» «AS:VariantTestRequest» «AS:VulnerableRepeaterEnd» «AS:IssueTypeRepeaterEnd»

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 10
Which two categories of Match Types can be used when specifying Automatic Form Fill values?

A. Partial
B. Limited
C. Individual
D. Complete
E. Dependent

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 11
Which three statements are true about configuring an IBM Security AppScan Standard Edition test policy?

A. A test policy can be searched.
B. A test policy cannot be changed.
C. A test policy contains error page definitions.
D. A test policy can be grouped by its OWASP classification.
E. A test policy contains advisory information about each test.
F. A test policy can be configured to include or exclude test variants.

Correct Answer: ACF
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 12
The application you are testing contains links to external websites. You want to restrict the scan to the designated web application URL.

Which configuration option should you use?

A. Enable Scan only links in and below this directory.
B. Add links to external website to the Exclude Paths list.
C. AppScan automatically identifies the website during a test.
D. Edit the hosts file to map the production website to the test website.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
answer is valid.

QUESTION 13
Which type of attack steals a user's session cookie after the user browses to a web forum?

A. DOMXSS
B. Stored XSS
C. Mirrored XSS
D. Reflected XSS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 14
What are two acceptable methods to protect sensitive user data?

A. Hashing
B. URL Encoding
C. DES Encryption
D. AES Encryption
E. Base 64 Encoding

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 15
What are the two main components of the Glass Box agent?

A. gbAgent.jar Java agent
B. GBApp.war web application
C. glassbox_agent.jar Java agent
D. GBootstrap.war web application
E. glassbox_server.war web application

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 16
Which three settings can you configure with AppScan Tools > Options > Scan Options?

A. Configure NTLM login
B. Enable or disable the scan log
C. Define the AppScan proxy port
D. Configure a scan to use custom proxy settings
E. Change the default report format from PDF to RTF
F. Configure the automatic save time interval for scans

Correct Answer: BCF
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 17
What is the simplest method of determining the coverage of a scan configuration, without running a full scan?

A. Run a Manual Explore
B. Run an Automatic Explore
C. Run the Connection Test tool
D. Generate a Delta Analysis Report

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 18
Why is it important to define error pages in IBM Security AppScan Standard Edition?

A. There would be no way to review failed requests.
B. Web applications deployed to production may have different server settings.
C. This allows IBM Security AppScan Standard Edition to differentiate application errors from server errors.
D. Web applications often use customized error pages that may be hard for IBM Security AppScan Standard Edition to recognize automatically.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 19
Why is it important that error pages are correctly defined?

A. IBM Security AppScan Standard Edition cannot handle redirection without correctly defined error pages.
B. IBM Security AppScan Standard Edition cannot maintain session state without correctly defined error pages.
C. If IBM Security AppScan Standard Edition understands the application's request is an error, it can more properly pass or fail certain tests.
D. If IBM Security AppScan Standard Edition understands the application's response is an error, it can more properly pass or fail certain tests.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 20
What is the goal of a sidejacking web application attack?

A. User impersonation
B. User password reset
C. Denial of service against target website
D. Purging of the target website database schema

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 21
Which tab contains the button to replicate a test?

A. Advisory
B. Issue Information
C. Request/Response
D. Fix Recommendation

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 22
The scan log shows "out of session" detection and AppScan keeps failing to re-login to the application during the scan. Then you find the login account is locked out by the system due to multiple failed attempts.

How do you resolve this?

A. Reset the login sequence
B. Reset the in-session pattern
C. Disable the testing login/logout pages
D. Set "Prompt" login method under Login management

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 23
Which three finding types can the IBM Security AppScan Standard Edition malware module identify?

A. Link Injections
B. Broken external links
C. Unwanted internal links
D. Malicious external links
E. Unwanted external links
F. Unclassified external links

Correct Answer: DEF
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 24
What are the two main functions of the Parameters and Cookie view?

A. Control the default treatment of parameters and cookies
B. Assign special treatment to specific parameters and cookies
C. Configure parameters and cookies to ignore specific types of files
D. Configure parameters and cookies to ignore certain paths in the application
E. Configure parameters and cookies relevant to tests during the scan, resulting in a faster and more accurate scan

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
answer is updated.


QUESTION 25
Which statement is true about an IBM Security AppScan Standard Edition test policy?

A. It controls the type of tests that AppScan will use during a scan.
B. It configures the depth of a scan used by AppScan during a scan.
C. It controls the number of pages scanned by AppScan during a scan.
D. It configures the number of explore/test phases that AppScan will use during a scan.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 26
Which log file would be useful in verifying whether or not a particular security test was executed during a test?

A. Scan log
B. Update log
C. Security log
D. AppScan log

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 27
A user has recorded a login. AppScan is still reporting an out-of-session error during testing.

What should the user check to correct the issue?

A. That the login sequence was not recorded via HTTPS
B. That the in-session detection pattern has been identified correctly
C. That the application server has been identified in the environmental settings
D. That the JavaScript Execution option has been enabled in scan configuration

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 28
Which two login methods allow you to create a login sequence?

A. None
B. Prompt
C. Recorded
D. Multi-step
E. Automatic

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 29
In the Login Management view, what does the following icon indicate?

A. A login has been recorded.
B. In-session detection is active.
C. Valid credentials have been provided for automatic login.
D. IBM Security AppScan Standard Edition has been set to prompt for all future authentication.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 30
The starting URL is: http://www.mysite.com/myfolder/index.aspx. You want to restrict the scan to the folder: http://www.mysite.com/myfolder/.

How should you configure the scan?

A. 1. Add an Exclude item with path http://www.mysite.com/myfolder/
   2. Add an Exception item below the Exclude item, with the path of the folder to be scanned: http://www.mysite.com/

B. 1. Add an Exception item with path http://www.mysite.com/myfolder/
   2. Add an Exclude item below the Exclude item, with the path of the folder to be scanned: http://www.mysite.com

C. 1. Add an Exclude item with path http://www.mysite.com/
   2. Add an Exception item below the Exclude item, with the path of the folder to be scanned: http://www.mysite.com/myfolder/

D. 1. Add an Exception item with path http://www.mysite.com/
   2. Add an Exclude item below the Exclude item, with the path of the folder to be scanned: http://www.mysite.com/myfolder/

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 31
Which statement is true about URL settings in Automatic Form Fill?

A. If a URL is not provided for a value, this value will not be used.
B. If a URL is provided for a value, this value will be used only for parameters in this URL.
C. If a URL is not provided for a value, this value will be used only if match type is Complete.
D. If a URL is provided for a value, this value will be used only for parameters in this URL and if match type is Complete.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:


QUESTION 32
What is HTTP Authentication?

A. A way of authenticating users using headers
B. Transport level authentication using certificates
C. A way of authenticating users using a html form
D. The process of verifying HTTP responses for security issues

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 33
What is Multiphase Scanning?

A. During a full scan, additional content discovered during the scan is scanned.
B. During an exploratory scan, additional content discovered during the scan is scanned.
C. Tests are performed at the same time, from different threads, to identify race conditions.
D. Each test is performed in all three phases: before log on, while the user is logged on, and after a log out.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 34
Which three report templates are available in a Security Report?

A. QA
B. Complete
C. Developer
D. High severity
E. Trending Data
F. Executive Summary

Correct Answer: DEF
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 35
In the Automatic Form Fill window, if the URL field is blank for a particular row, which value will be passed for that row's parameter?

A. Blank
B. That row's parameter value
C. The parameter will be skipped.
D. The value of the "Fill unknown fields with" box

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 36
A starting URL is http://test_domain1.com. Scan only links in and below this directory is enabled. Test_domain2.com is included in the additional servers and domains in this scan.

What would happen in this situation?

A. Test_domain1.com and test_domain2.com will be scanned.
B. Only test_domain2.com will be scanned, because Additional Servers and Domains setting takes precedence.
C. Only test_domain1.com will be scanned, because Scan only links and below this directory takes precedence.
D. Test_domain1.com will be scanned and test_domain2.com will be scanned only if test_domain1.com contains links to test_domain2.com.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 37
Which type of attack relies on an authenticated user to click a malicious link to perform an unintended action on the target application?

A. SQL injection
B. Directory traversal
C. Cross-site scripting
D. Cross-site request forgery

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 38
What are three parts of the Explore Options view?

A. Click Depth Limit
B. Use Client-Side Certificate
C. Set the Number of Threads
D. Use custom proxy settings
E. Parse Flash to discover URLs
F. Execute JavaScript when replaying login

Correct Answer: AEF
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 39
Which statement is true about Privilege Escalation?

A. It requires only one scan to be run.
B. It can be detected by inadvertently triggered security issues.
C. IBM Security AppScan Standard Edition cannot perform Privilege Escalation.
D. Scans being compared must have the same scan configuration and equivalent explore data.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 40
Where would you configure sequence variables?

A. In Visual Studio
B. In a configuration file using a text editor
C. In the Tools > Options > Multi-Step Operations screen
D. In the Scan Configuration > Parameters and Cookies screen

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
answer is modified.

QUESTION 41
Where can you configure Multi-Step Operations?

A. Explore > Manual Explore
B. Tools > Options > Multi-Step Operations
C. Job Configuration > Multi-Step Operations
D. Scan Configuration > Multi Step Operations

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 42
Which situation presents a valid reason for reducing the severity of a vulnerability?

A. A Medium severity Link Injection vulnerability should be reduced when it only occurs on a login page.
B. A High severity SQL Injection vulnerability should be reduced when the affected database is read only.
C. A High severity Cross-Site Scripting vulnerability is confirmed to be a Reflected XSS and would require user authentication to be exploited.
D. A High severity Unencrypted Login Request vulnerability should be reduced when the application is using a database that is encrypted with Triple DES (Data Encryption Standard) and a 168 bit key.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 43
An application server stops responding when you run an AppScan scan against it but appears to work normally when you manually browse the site after the scan stops.

What should you do to fix this issue?

A. Change the browser agent.
B. Run the scan when there is less network traffic.
C. Lower the number of threads AppScan tests with.
D. Lower the response time by which AppScan waits for your application to reply.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 44
In the Redundancy tuning of Parameters and Cookies view, the following option is disabled:
- Explore the URL again whenever this parameter/cookie is added or removed.

A. ...page.jsp will not be explored
   ...page.jsp?thisParam=Value will be explored
B. ...page.jsp will be explored
   ...page.jsp?thisParam=Value will be explored
C. ...page.jsp will be explored
   ...page.jsp?thisParam=Value will not be explored
D. ...page.jsp will not be explored
   ...page.jsp?thisParam=Value will not be explored

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 45
You are reviewing scan results and find that for several pages your site returned a 5xx Server Error response in the form of a custom error page. As a result, several False Positive findings were reported.

How should you remove this kind of False Positive finding?

A. Configure AppScan to exclude this page from the scan.
B. Configure AppScan to recognize such a page as an error page.
C. Right-click the security issue and lower the Severity level to Low.
D. Right-click the security issue and choose the Report False Positive option.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
corrected.
