Exam 000-139 preparation questions


Exam 000-139 study material. Made available by Testkingprep.com

Free 000-139 Exam Preparation Questions. Exam 000-139: AppScan Standard Edition

For latest 000-139 exam questions and study guides, visit http://www.testkingprep.com/000-139.html




Question: 1
Which type of vulnerability allows an attacker to browse files that shouldn't be accessible (e.g. *.bak, "Copy of", *.inc, etc.) or pages restricted for users with higher privileges?
A. Insecure Cryptographic Storage
B. Injection Flaw
C. Failure to Restrict URL Access
D. Insecure Communication
Answer: C

Question: 2
Which HTTP response codes trigger Application Error vulnerabilities?
A. 500
B. 302
C. 403
D. 200
Answer: A

Question: 3
AppScan reported a large number of hidden files, which you know do not exist on your Web server. What is the likely cause?
A. You did not define a custom error page.
B. AppScan created all these files on the server.
C. You did not exclude third-party domains.
D. Somebody put the files on the server.
Answer: A

Question: 4
How does an attacker exploit Web application vulnerabilities?
A. by hacking the firewall
B. by installing viruses on a user's machine
C. by sending malicious HTTP requests
D. by sniffing the traffic between a user and the Web server
Answer: C

Question: 5
Which AppScan report type relates to the Sarbanes-Oxley Act, HIPAA and FISMA?
A. Compliance
B. WASC Threat Classification
C. OWASP Top 10
D. Delta Analysis
Answer: A

Question: 6
An AppScan test successfully embedded the following lines in an HTTP response header (in bold):

    HTTP/1.1 200 OK
    Content-Length: 5710
    Connection: close
    Date: Wed, 07 May 2008 19:36:28 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 2.0.50727
    Set-Cookie: lang=Foobar
    AppScanHeader: AppScanValue/1.2-3
    SecondAppScanHeader: whatever; path=/
    CacheControl: private
    Content-Type: text/html; charset=utf-8

Which type of vulnerability does this indicate?
A. Cross-site Scripting
B. XPath Injection
C. HTTP Response Splitting
D. SQL Injection
Answer: C



For complete Exam 000-139 Training kits and Self-Paced Study Material Visit: http://www.testkingprep.com/000-139.html

http://www.testkingprep.com/


