Current ibm c2150 810 certification exam pdf

Vendor: IBM

Exam Code: C2150-810

Version: Demo


Q: 1
Which task allows users to specify a Web Context Root for each generated project using Ounce/Ant?
A. ounceCli
B. ounceCreateProject
C. ounce.project_name
D. ounce.build.compiler
Answer: B

Q: 2
What is the difference between AppScan Source Developer and AppScan Source Remediation licenses?
A. AppScan Source for Remediation supports only Visual Studio while AppScan Source for Developer supports both Eclipse and Visual Studio.
B. AppScan Source Developer allows you to run scans from CLI, while AppScan Source Remediation allows you only to remediate security issues.
C. AppScan Source Developer allows you only to remediate security issues, while AppScan Source Remediation allows you to run scans from within the IDE.
D. AppScan Source Developer allows you to run scans from within the IDE, while AppScan Source Remediation allows you only to remediate security issues.
Answer: A

Q: 3
Where are two places you can open a saved bundle?
A. AppScan Standard
B. AppScan Enterprise Server
C. AppScan Source for Analysis
D. AppScan Source for Automation
E. AppScan Source for Development
Answer: C, E

Q: 4
You just scanned an application with over 10,000 total findings. Many of the findings are in a particular API, which you know is not vulnerable. Without re-scanning the application, what should you do to reduce the number of visible findings in the assessment?
A. Create a custom rule.
B. Create a custom filter.
C. Set the severity of each finding to Info.
D. Set the vulnerability type of each finding to null.
Answer: D

Q: 5
You are reviewing a banking application and find a lost sink method called performTransaction(...) that sends requested transaction information (bill payment, funds transfer, etc.) to the back-end COBOL application running on an IBM System z mainframe that actually moves the money. Which type of custom rule should you create for this method?
A. Sink
B. Source
C. Taint Propagator
D. Tainted Callback
F. Not Susceptible to taint
Answer: D

Q: 6
To scan JavaScript included within an ASP.NET application, which additional steps must be completed to ensure these artifacts are scanned?
A. Create a C# project type
B. Import the Visual Studio Solution
C. Build a build.xml file and add it to the application project
D. Manually create a JavaScript project type and add it to the application
Answer: B

Q: 7
You are reviewing a cloud storage locker application that is used to store and share user files and backups. You come across Cross-Site Scripting findings with data coming from several different sources. The customer you are working with is just getting started and is looking for highest priority issues only, so you need to focus on those issues that originate from the source that poses the highest risk. Which source poses the highest risk?
A. SqlDB.getValue()
B. ZipCrypto.extract()
C. ConfigXML.getConfigValue()
D. FileUpload.getFileContents()
E. TCPNetworkHandler.getByteArray()
Answer: D

Q: 8
Which two languages can be scanned by the AppScan Source CLI?
A. C++
B. Java
C. Fortran
D. Haskell
E. ActionScript
Answer: A, B

Q: 9
You are reviewing a thick client application and come upon File Injection findings in a function that opens zip files and extracts data from them, but the customer you are working with tells you that the data is sanitized using a method mySanitizer.validateZip(..). You confirm this and decide to remove this vulnerability and other File Injection findings with sanitized data using the Remove functionality of the Trace section in the Filter Editor. What do you need to do in the Trace Rule Entry dialog to ensure that the rule you create applies only to this application's zip extractor and not all File Inclusion findings?
A. Specify Sink method name.
B. Specify File Inclusion as Sink property.
C. Specify File Inclusion as Source property.
D. Add validateZip() to the Required Calls section.
E. Add validateZip() to the Prohibited Calls section.
Answer: B

Q: 10
You are analyzing a client-server application that has "thick" clients that run on Windows and Android. You come across several Remote Command Execution findings with data originating from several different Sources. The customer you are working with is worried about the developers pushing back on low priority findings, so you need to remove those originating from sources that pose the lowest risk. Which Sources pose the lowest risk?
A. SqlDB.getValue(...)
B. ZipCrypto.extract(...)
C. NativeCode.performOperation(...)
D. WebService.performOperation(...)
E. RPCHandler.performOperation(...)
Answer: D

