C2150-199 Exam Questions
101 real C2150-199 exam questions with expert-verified answers and explanations. Page 2 of 3.
- Question #52
Which authentication method is supported when IBM Security Authentication Tester PowerTool uses the "brute-force" technique to reveal weak username-password combinations that could...
- Question #53
You need a template-based report of all the issue ID and variants found by a scan. How should you create this?
- Question #54
Which two categories of Match Types can be used when specifying Automatic Form Fill values?
- Question #55
Which three statements are true about configuring an IBM Security AppScan Standard Edition test policy?
- Question #56
Which type of vulnerability can occur when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or for...
- Question #57
After 30 minutes your scan stops with an out-of-session error. What is a possible cause of this error?
- Question #58
What information does the difference displayed in the Request / Response tab provide?
- Question #59
You are scanning a Web site in a pre-production environment. You notice that your scan is running very slowly and there are numerous communication errors. What would you do to reso...
- Question #60
Which type of vulnerability allows an attacker to execute a malicious script in a user browser?
- Question #61
Which statement is true about infrastructure vulnerabilities?
- Question #62
What does secure session management require?
- Question #63
You are scanning a Web application in a pre-production environment. During your initial assessment, you notice that some of the links are specified by IP and some by host name. com...
- Question #64
You expect your scan to cover around 500 pages, but instead it covers 55. What are three possible reasons for this? (Choose three.)
- Question #65
How does in-session detection work?
- Question #66
Which three steps should you take before running a security scan with AppScan? (Choose three.)
- Question #67
Which statement is true about network firewalls preventing Web application attacks?
- Question #68
Which username/password combination would NOT be reported as predictable by AppScan?
- Question #69
When would you set up a multi-step operation in AppScan?
- Question #70
What does a Cross-site Scripting vulnerability allow an attacker to do?
- Question #71
AppScan belongs to which category of vulnerability assessment tools?
- Question #72
What are two reasons why it is recommended that a Web application be scanned in a pre-production environment? (Choose two.)
- Question #73
What is indicative of Information Leakage vulnerability?
- Question #74
In the AppScan Application Data view, what can help you determine if your application was fully explored? (Choose two.)
- Question #75
Which statement is true about application-specific vulnerabilities?
- Question #76
What are the implications of Malicious File Execution vulnerabilities?
- Question #77
Where can you find details about a test AppScan executed during a scan?
- Question #78
Which HTTP response codes trigger Application Error vulnerabilities?
- Question #79
AppScan reported a large number of hidden files, which you know do not exist on your Web server. What is the likely cause?
- Question #80
How does an attacker exploit Web application vulnerabilities?
- Question #81
Which AppScan report type relates to the Sarbanes-Oxley Act, HIPAA and FISMA?
- Question #82
How can an attacker use the information gained by an SQL debug message?
- Question #83
Which type of parameters does AppScan manipulate when testing a .NET Web Service?
- Question #84
After scanning your site with AppScan, you notice that your password was changed to 234. What most likely happened?
- Question #85
Which defense is most reliable in protecting a Web application from being hacked?
- Question #86
Directories containing sensitive files must be hidden from the user. What is the best way to hide the existence and content of such a directory?
- Question #87
Why is it important to encrypt the HTTP traffic for an authenticated connection between a client and Web server?
- Question #88
You notice that when you run your scan, your login account gets locked out. How can you resolve the issue?
- Question #89
What information does the reasoning displayed in the Request / Response tab provide?
- Question #90
How does AppScan test a Web application?
- Question #91
What happens when AppScan generates an Industry Standard report?
- Question #92
Which three actions should you take if your application requires form-based authentication? (Choose three.)
- Question #93
How do you test a Web service with AppScan?
- Question #94
In which three areas does AppScan test for vulnerabilities?
- Question #95
Which lines in an HTTP response would trigger a positive result from an AppScan test for a vulnerability of type Possible Server Path Disclosure Pattern Found?
- Question #96
Which Web application operation indicates that the application may be vulnerable to Cross-site Request Forgery?
- Question #97
When can an injection type attack occur?
- Question #99
Which type of vulnerability allows an attacker to browse files that shouldn't be accessible (e.g. *.bak, "Copy of", *.inc, etc.) or pages restricted for...
- Question #100
What is the problem with the following session pattern? Good morning, John!
- Question #101
Your site contains the following URL: In this URL, the Page parameter defines a unique page. How would you configure AppScan to fully explore this site?
- Question #102
To construct a test, AppScan changed an HTTP request by removing the File and First_name parameters and changing the value of the Email_address parameter to "><sc...