IBM Security AppScan Standard Edition Implementation v8.7 - C2150-199 FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

Which statement is true about an IBM Security AppScan Standard Edition test policy?

A. It controls the type of tests that AppScan will use during a scan. B. It controls the number of pages scanned by AppScan during a scan. C. It configures the depth of a scan used by AppScan during a scan. D. It configures the number of explore/test phases that AppScan will use during a scan.

Discussion 0

Correct Answer: D Vote an answer

Question 2

What is Multiphase Scanning?

A. During an exploratory scan, additional content discovered during the scan is scanned. B. Each test is performed in all three phases: before log on. while the user is logged on. and aftera log out. C. Tests are performed at the same time, from different threads, to identify race conditions. D. During a full scan, additional content discovered during the scan is scanned.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 3

Why is it important to define error pages in IBM Security AppScan Standard Edition?

A. There would be is no way to review failed requests. B. Web applications deployed to production may have different server settings. C. Web applications often use customized error pages that may be hard for IBM Security AppScan Standard Edition to recognize automatically. D. This allows IBM Security AppScan Standard Edition to differentiate application errors from server errors.

Discussion 0

Correct Answer: B Vote an answer

Question 4

Which authentication method is supported when IBM Security Authentication Tester PowerTool uses the "brute-force" technique to reveal weak username-password combinations that could be used to gain access to a web application?

A. SecurlD B. Two-Factor C. HTTP D. NTLM

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 5

You are reviewing scan results and find that for several pages your site returned 5xx Server Error response in a form of custom error page. As a result, several False Positive findings were reported.
How should you remove this kind of False Positive findings?

A. Configure AppScan to recognize such a page as an error page. B. Right-click the security issue and choose the Report False Positive option. C. Configure AppScan to exclude this page from the scan. D. Right-click the security issue and lower the Severity level to Low.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).

Question 6

An AppScan user captured the following URLs during a recorded login:
http://www.altoromutual.com/ http://www.altoromutual.com/login.jsp http://www.altoromutual.com/doLogin https://www.altoromutual.com/bank/main.jsp
The same user selected an in-session detection pattern of "Hello John Smith".
Given that the "Hello John Smith" string only appears on the in-session page (main.jsp).
Will AppScan be able to stay in-session and successfully scan the application?

A. Yes, AppScan will send the request for the in-session page and detect the in-session pattern. B. No, the in-session detection pattern needs to appear on every page of the application. C. Yes, AppScan does not check the in-session pattern as a means of validating the session. D. No. the in-session page is HTTPS and cannot be interpreted by AppScan.

Discussion 0

Correct Answer: A Vote an answer