C2150-199 Exam Questions
101 real C2150-199 exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1
Which statement is true about Privilege Escalation?
- Question #2
Where would you configure sequence variables?
- Question #3
The application you are testing contains links to external websites. You want to restrict the scan to the designated web application URL. Which configuration option should you use?
- Question #4
Which type of attack steals a user's session cookie after the user browses to a web forum?
- Question #5
What are two acceptable methods to protect sensitive user data?
- Question #6
What are the two main components of the Glass Box agent?
- Question #7
Which three settings can you configure with AppScan Tools > Options > Scan Options?
- Question #8
What is the simplest method of determining the coverage of a scan configuration, without running a full scan?
- Question #9
Why is it important to define error pages in IBM Security AppScan Standard Edition?
- Question #10
Why is it important that error pages are correctly defined?
- Question #11
What is the goal of a sidejacking web application attack?
- Question #12
Which tab contains the button to replicate a test?
- Question #13
The scan log shows "out of session" detection and the AppScan keeps failing to re-login to the application during the scan. Then you find the login account is locked out by the sys...
- Question #14
Which three finding types can the IBM Security AppScan Standard Edition malware module identify?
- Question #15
What are the two main functions of the Parameters and Cookie view?
- Question #16
Which statement is true about an IBM Security AppScan Standard Edition test policy?
- Question #17
Which log file would be useful in verifying whether or not a particular security test was executed during a test?
- Question #18
A user has recorded a login. AppScan is still reporting an out-of-session error during testing. What should the user check to correct the issue?
- Question #19
Which two login methods allow you to create a login sequence?
- Question #20
In the Login Management view, what does the following icon indicate?
- Question #22
Which statement is true about URL settings in Automatic Form Fill?
- Question #23
What is HTTP Authentication?
- Question #24
What is Multiphase Scanning?
- Question #25
Where can you configure Multi-Step Operations?
- Question #26
Which situation presents a valid reason for reducing the severity of a vulnerability?
- Question #27
An application server stops responding when you run an AppScan scan against it but appears to work normally when you manually browse the site after the scan stops. What should you do...
- Question #28
In the Redundancy tuning of Parameters and Cookies view, the following option is disabled, - Explore the URL again whenever this parameter/cookie is added or removed.
- Question #29
You are reviewing scan results and find that for several pages your site returned 5xx Server Error response in a form of custom error page. As a result, several False Positive find...
- Question #30
Which three report templates are available in a Security Report?
- Question #31
In the Automatic Form Fill window, if the URL field is blank for a particular row, which value will be passed for that row's parameter?
- Question #32
Test_domain2.com is included in the additional servers and domains in this scan. What would happen in this situation?
- Question #33
Which type of attack relies on an authenticated user to click a malicious link to perform an unintended action on the target application?
- Question #34
What are three parts of the Explore Options view?
- Question #35
Upon reviewing the URLs that IBM Security AppScan Standard Edition discovered during an automatic explore, you find that the registration success page was not discovered while the...
- Question #36
How do you remove sensitive information from the scan logs?
- Question #37
How can IBM Security AppScan Standard Edition automatically create a navigation structure?
- Question #38
An application you have been tasked with testing uses JavaScript or Java applets that reveal certain parts of the application only when states (such as Hover and Mouse Over) follow...
- Question #39
Do you need to install a license server for IBM Security AppScan Standard Edition V8.7?
- Question #40
Given the following: Security Issues Which type of report is this an example of?
- Question #41
A website consists of several systems, and they are separated by directories as follows: How do you set up AppScan to avoid scanning system2 except the "project" folder under it?
- Question #42
Which two types of reports allow a user to import a custom .asreg file to specify a user-defined template?
- Question #43
What is the purpose of the Automatic Form Fill in the scan configuration?
- Question #44
Which three environment definitions are options in Scan Configuration?
- Question #45
Which login method does NOT support in-session detection?
- Question #46
Which framework does IBM Security AppScan Standard Edition require to be installed?
- Question #47
You just updated the error page for the application. When will that update affect the scan results?
- Question #48
Where would you configure AppScan to identify itself, and the exact stage of the scan, in each HTTP request?
- Question #49
An AppScan user captured the following URLs during a recorded login: The same user selected an in-session detection pattern of "Hello John Smith". Given that the "Hello John Smith"...
- Question #50
Which three report layout options are available?
- Question #51
What information is available when a vulnerability is discovered via traditional dynamic testing (i.e. not via Glassbox testing or JavaScript analysis)?