C2150-139 Exam Details

  • Exam Code
    :C2150-139
  • Exam Name
    :AppScan Standard Edition
  • Certification
    :IBM Certifications
  • Vendor
    :IBM
  • Total Questions
    :52 Q&As
  • Last Updated
    :Jan 09, 2020

IBM C2150-139 Online Questions & Answers

  • Question 41:

    How do you test a Web service with AppScan?

    A. interact with the Web service methods manually and then runAppScan to send the generated tests automatically
    B. explore the Web service automatically and then manually sends the generated tests one by one
    C. create a Python script for testing the service
    D. explore the Web service automatically and then runAppScan to send the generated tests automatically

  • Question 42:

    Why is it important to encrypt the HTTP traffic for an authenticated connection between a client and Web server?

    A. to prevent SQL injection
    B. to prevent sensitive information from being stolen
    C. to prevent Cross-site Scripting
    D. to prevent Web site defacement

  • Question 43:

    Which type of vulnerability allows an attacker to browse files that shouldn be accessible (e.g. *.bak, "Copy of", *.inc, etc.) or pages restricted forWhich type of vulnerability allows an attacker to browse files that shouldn? be accessible (e.g. *.bak, "Copy of", *.inc, etc.) or pages restricted for users with higher privileges?

    A. Insecure Cryptographic Storage
    B. Injection Flaw
    C. Failure to Restrict URL Access
    D. Insecure Communication

  • Question 44:

    In the AppScan Application Data view, what can help you determine if your application was fully explored? (Choose two.)

    A. Visited URLs B. JavaScripts
    C. Cookies
    D. Broken links

  • Question 45:

    After 30 minutes your scan stops with an out-of-session error. What is a possible cause of this error?

    A. Redundant path limit was too low.
    B. A parameter was not tracked.
    C. Flash parsing was turned off.
    D. Platform authentication was not configured.

  • Question 46:

    Which statement is true about application-specific vulnerabilities?

    A. They exist in third-party components and are fixed by applying security patches.
    B. They are caused by insecure coding and are fixed by modifying the application code.
    C. They are detected using application security scanners and exist in third-party components.
    D. They are known vulnerabilities and are fixed by modifying the application code.

  • Question 47:

    How does in-session detection work?

    A. checks if the in-session pattern is present in every test response you receive from the site
    B. pings the application every 5 seconds and verifies the connection
    C. sends the in-session detection request every 5 seconds and verifies that the in-session pattern exists
    D. updates the session token values to ensure that the user is still logged in

  • Question 48:

    What happens when AppScan generates an Industry Standard report?

    A. It generates and executes industry-specific tests.
    B. It maps the discovered vulnerabilities to a set of industry-specific checkpoints.
    C. It provides industry-specific advisories.
    D. It applies an industry-specific test policy.

  • Question 49:

    Which type of vulnerability can occur when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter?

    A. Cross-site Scripting
    B. Insecure Direct Object Reference
    C. Injection Flaw
    D. Cross Site Request Forgery

  • Question 50:

    Directories containing sensitive files must be hidden from the user. What is the best way to hide the existence and content of such a directory?

    A. configure your Web server to issue a response:403 ?Access forbidden
    B. configure your Web server to issue a response: 302 - Redirect to home
    C. list the directory contents
    D. configure your Web server to issue a response: 404 - Not Found

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IBM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your C2150-139 exam preparations and IBM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.