Simulation of C2150-810 vce materials and bootcamp for IBM certification for consumer, Real Success Guaranteed with Updated C2150-810 pdf dumps vce Materials. 100% PASS IBM Security AppScan Source Edition Implementation exam Today!
2021 Apr C2150-810 Study Guide Questions:
Q21. Which feature is available in the AppScan Source IDE Plugin?
A. Create Custom Rules
B. Generate PDF reports
C. Create scan configurations
D. View Trace Information for a given finding
Answer: A
Reference:http://www-01.ibm.com/support/knowledgecenter/search/m%20rules%20and%20plug-in%20us?scope=SSS9LM_8.8.0
Q22. Which view in the Visual Studio IDE Plugin allows a user to focus on results in which they are interested?
A. Trace View
B. Filters View
C. Define Variables View
D. Customer Rules View
Answer: B
Reference:http://pic.dhe.ibm.com/infocenter/appsrc/v8r6/topic/com.ibm.security.appscansrc .infocenter.nav.doc/pdf/Security_AppScan_Source_Analysis.pdf(Seefilter overview second paraPage#83).
Q23. What is the function of the Correlated Security Issues report in AppScan Enterprise?
A. It is used by a security expert to investigate complex findings.
B. It tracks progress of an application during a specified period of time.
C. It displays the correlated issues between static analysis and dynamic analysis.
D. It displays the correlated issues between glass box analysis and dynamic analysis.
Answer: C
Reference:http://pic.dhe.ibm.com/infocenter/asehelp/v8r7m0/index.jsp
Rebirth C2150-810 practice question:
Q24. What is "Automatic Propagator Markup" advanced setting in Scan Configuration view?
A. It marks all sinks as "taint propagators".
B. It marks all sources as "taint propagators".
C. It marks all lost sinks as "taint propagators".
D. It marks all lost sources as "taint propagators".
Answer: C
Reference:https://www.google.com.pk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad =rja&uact=8&ved=0CBsQFjAA&url=http%3A%2F%2Fwww.ibm.com%2Fsupport%2Fdocvi ew.wss%3Fuid%3Dswg21667599&ei=G5v8U5_iJsmH4gTGi4H4Cw&usg=AFQjCNFHuUIt0 DWnThoe5IAs-rFDPJfbPg
Q25. Which two licenses can be used for AppScan Source IDE plug-ins?
A. IBM Security AppScan Source for Quality
B. IBM Security AppScan Source for Analysis
C. IBM Security AppScan Source for Developer
D. IBM Security AppScan Source for Automation
E. IBM Security AppScan Source for Remediation
Answer: C,D
Q26. Reports in AppScan Source Edition can be exported in which two formats?
A. pdf
B. xml
C. html
D. Microsoft Excel
E. Microsoft Word
Answer: A,B
Accurate C2150-810 guidance:
Q27. You are reviewing a thick client application and come upon File Injection findings in a function that opens zip files and extracts data from them, but the customer you are working with tells you that the data is sanitized using a method mySanitizer.validateZip(..). You confirm this and decideto remove this vulnerability and other File Injection findings with sanitized data using the Remove functionality of the Trace section in the Filter Editor.
What do you need to do in the Trace Rule Entry dialog to ensure that the rule you create applies only to this application's zip extractor and not all File Inclusion findings?
A. Specify Sink method name.
B. Specify File Inclusion as Sink property.
C. Specify File Inclusion as Source property.
D. Add validateZipO to the Required Calls section.
E. Add validateZipO to the Prohibited Calls section.
Answer: B
Q28. You are reviewing a cloud storage locker application that is used to store and share user files and backups. You come across Cross-Site Scripting findings with data coming from several different sources. The customer you are working with is just getting started and is looking for highest priority issues only, so you need to focus on those issues that originate from the source that poses the highest risk.
Which source poses the highest risk?
A. SqIDB.getValueO
B. ZipCrypto.extract()
C. ConfigXMLgetConfigValue()
D. FileUpload.getFileContents()
E. TCPNetworkHandler.getByteArray()
Answer: D
Q29. To scan JavaScript included within an ASP.NET application, which additional steps must be completed to ensure these artifacts are scanned?
A. Create a C# project type
B. Import the Visual Studio Solution
C. Build a build.xml file and add it to the application project
D. Manually create a JavaScript project type and add it to the application
Answer: B
Q30. You are scanning a thick client application that receives data over a custom TCP/IP protocol provided by the application's framework method AppComm.getReceivedMessage().
Which rule would you create for this method to capture and trace the incoming data?
A. Sink
B. Source
C. Taint Propagator
D. Not Susceptible to Taint
Answer: B