C2150-139 Exam Details

  • Exam Code
    :C2150-139
  • Exam Name
    :AppScan Standard Edition
  • Certification
    :IBM Certifications
  • Vendor
    :IBM
  • Total Questions
    :52 Q&As
  • Last Updated
    :Jan 09, 2020

IBM C2150-139 Online Questions & Answers

  • Question 31:

    What is the problem with the following session pattern? Good morning, John!

    A. The pattern does not match the session token pattern.
    B. This in-session pattern can change on the site.
    C. This in-session pattern can be changed in the scan configuration.
    D. Multiple threads can parse this string incorrectly.

  • Question 32:

    AppScan identified a Blind SQL Injection vulnerability in your Web application by sending three requests, all of which modify the searchText parameter in the following way:

    HTTP request 1: 1234 and 'foobar'='foobar' HTTP request 2: 1234 and 'boofar'='foobar' HTTP request 3: 1234 or 'barfoo'='foobar'

    Upon reviewing the three responses, you notice that response 1 and response 3 are identical and response 2 only differs in the fact that the date and time on the page changed (i.e. 23:59 Dec 31, 2008 to 00:01 Jan 1, 2009). What do you conclude from this information?

    A. This is a false positive.
    B. This is an actual vulnerability.
    C. No conclusions can be made, given the information provided.
    D. AppScan failed to log in.

  • Question 33:

    When would you set up a multi-step operation in AppScan?

    A. when your application requires specific user input
    B. when your application requires JavaScript execution
    C. when your application requires a specific flow
    D. when your application has two-factor authentication

  • Question 34:

    AppScan received the following test response:

    An Error Has Occurred

    Summary:

    Syntax error in string in query expression 'userid = ''. Error Message:

    System.Data.OleDb.OleDbException: Syntax error in string in query expression 'userid = ''. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object executeResult) at ?

    Which type of vulnerability does this error message indicate?

    A. SQL Injection
    B. Blind SQL Injection
    C. XSS
    D. Possible Server Path Disclosure Found

  • Question 35:

    What does a Cross-site Scripting vulnerability allow an attacker to do?

    A. execute a malicious script on the Web server
    B. change the Web server configuration
    C. steal a user session tokens
    D. drop database tables

  • Question 36:

    What are the implications of Malicious File Execution vulnerabilities?

    A. user impersonation and authentication bypass
    B. authentication bypass and site defacement
    C. site defacement and complete takeover of the application
    D. complete takeover of the application and user impersonation

  • Question 37:

    If the URL to your home page is http://domain.com and it redirects to http://www.domain.com, how would you configure your scan?

    A. do not do anything
    B. configure theAppScan proxy settings
    C. addwww.domain.com to the list of additional domains
    D. edit your DNS settings

  • Question 38:

    Which HTTP response codes trigger Application Error vulnerabilities?

    A. 500
    B. 302
    C. 403
    D. 200

  • Question 39:

    You notice that when you run your scan, your login account gets locked out. How can you resolve the issue?

    A. disables tests on your login and logout pages
    B. disable JavaScript execute
    C. reduce the number of threads
    D. increase the timeout limit

  • Question 40:

    You are scanning a Web application in a pre-production environment. During your initial assessment, you notice that some of the links are specified by IP and some by host name. Your starting URL contains an IP address, http://12.34.56.67/ default.jsp. When the scan completes, you discover that it has not covered a significant portion of your Web application. What could be the reason?

    A. The host name is not added to the list of additional domains and servers.
    B. The scan is configured to use only one connection.
    C. There is no route to IP 12.34.56.67.
    D. You are not licensed to scan IP 12.34.56.67.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IBM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your C2150-139 exam preparations and IBM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.