
IBM C2150-810 Exam

Free C2150-810 Sample Questions:

Q: 1
Which task allows users to specify a Web Context Root for each generated project using Ounce/Ant?
A. ounceCli
B. ounceCreateProject
C. ounce.project_name
Answer: B

Q: 2
What is the difference between AppScan Source Developer and AppScan Source Remediation licenses?
A. AppScan Source for Remediation supports only Visual Studio while AppScan Source for Developer supports both Eclipse and Visual Studio.
B. AppScan Source Developer allows you to run scans from CLI, while AppScan Source Remediation allows you only to remediate security issues.
C. AppScan Source Developer allows you only to remediate security issues, while AppScan Source Remediation allows you to run scans from within the IDE.
D. AppScan Source Developer allows you to run scans from within the IDE, while AppScan Source Remediation allows you only to remediate security issues.
Answer: A

Q: 3
Where are two places you can open a saved bundle?
A. AppScan Standard
B. AppScan Enterprise Server
C. AppScan Source for Analysis
D. AppScan Source for Automation
E. AppScan Source for Development
Answer: C, E

Q: 4
You just scanned an application with over 10,000 total findings. Many of the findings are in a particular API, which you know is not vulnerable.
Without re-scanning the application, what should you do to reduce the number of visible findings in the assessment?
A. Create a custom rule.
B. Create a custom filter.
C. Set the severity of each finding to Info.
D. Set the vulnerability type of each finding to null.
Answer: D

Q: 5
You are reviewing a banking application and find a lost sink method called performTransaction(...) that sends requested transaction information (bill payment, funds transfer, etc.) to the back-end COBOL application running on an IBM System z mainframe that actually moves the money.
Which type of custom rule should you create for this method?
A. Sink
B. Source
C. Taint Propagator
D. Tainted Callback
E. Not Susceptible to taint
Answer: D

Q: 6
To scan JavaScript included within an ASP.NET application, which additional steps must be completed to ensure these artifacts are scanned?
A. Create a C# project type
B. Import the Visual Studio Solution
C. Build a build.xml file and add it to the application project
D. Manually create a JavaScript project type and add it to the application
Answer: B

Q: 7
You are reviewing a cloud storage locker application that is used to store and share user files and backups. You come across Cross-Site Scripting findings with data coming from several different sources. The customer you are working with is just getting started and is looking for the highest-priority issues only, so you need to focus on those issues that originate from the source that poses the highest risk.
Which source poses the highest risk?
A. SqlDB.getValue()
B. ZipCrypto.extract()
C. ConfigXML.getConfigValue()
D. FileUpload.getFileContents()
E. TCPNetworkHandler.getByteArray()
Answer: D

Q: 8
Which two languages can be scanned by the AppScan Source CLI?
A. C++
B. Java
C. Fortran
D. Haskell
E. ActionScript
Answer: A, B

Q: 9
You are reviewing a thick client application and come upon File Injection findings in a function that opens zip files and extracts data from them, but the customer you are working with tells you that the data is sanitized using a method mySanitizer.validateZip(..). You confirm this and decide to remove this vulnerability and other File Injection findings with sanitized data using the Remove functionality of the Trace section in the Filter Editor.
What do you need to do in the Trace Rule Entry dialog to ensure that the rule you create applies only to this application's zip extractor and not all File Inclusion findings?
A. Specify Sink method name.
B. Specify File Inclusion as Sink property.
C. Specify File Inclusion as Source property.
D. Add validateZip() to the Required Calls section.
E. Add validateZip() to the Prohibited Calls section.
Answer: B

Q: 10
You are analyzing a client-server application that has "thick" clients that run on Windows and Android. You come across several Remote Command Execution findings with data originating from several different Sources. The customer you are working with is worried about the developers pushing back on low priority findings, so you need to remove those originating from sources that pose the lowest risk.
Which Sources pose the lowest risk?
A. SqlDB.getValue(...)
B. ZipCrypto.extract(...)
C. NativeCode.performOperation(...)
D. WebService.performOperation(...)
E. RPCHandler.performOperation(...)
Answer: D

© 2014, All Rights Reserved