000-057
IBM
AppScan Source Edition
http://www.twpass.com/twpass.com/exam.aspx?eCode= 000-057
The 000-057 practice exam is written and formatted by Certified Senior IT Professionals working in
today's prospering companies and data centers all over the world! The 000-057 Practice Test covers all
the exam topics and objectives and will prepare you for success quickly and efficiently.
The 000-057 exam is very challenging, but with our 000-057 questions and answers practice exam,
you can feel confident in obtaining your success on the 000-057 exam on your FIRST TRY!
IBM 000-057 Exam Features
- Detailed questions and answers for 000-057 exam
- Try a demo before buying any IBM exam
- 000-057 questions and answers, updated regularly
- Verified 000-057 answers by experts, bearing almost 100% accuracy
- 000-057 tested and verified before publishing
- 000-057 exam questions with exhibits
- 000-057 same questions as real exam with multiple choice options
Acquiring IBM certifications is becoming a huge task in the field of I.T. Moreover, exams like the
000-057 exam are now continuously updated, and accepting this challenge is itself a task.
This 000-057 test is an important part of IBM certifications. We have the resources to
prepare you for this. The 000-057 exam is an essential and core part of IBM certifications, and
once you clear the exam you will be able to solve real-life problems yourself. Want to take
advantage of the Real 000-057 Test and save time and money while developing your skills to pass
your IBM 000-057 Exam? Let us help you climb that ladder of success and pass your 000-057 now!
QUESTION: 1
From which three places can remediation information be accessed for a finding? (Choose
three.)
QUESTION: 2
Which three operating systems support all of the client components of AppScan Source
Edition? (Choose three.)
A. OS X
B. Solaris
C. Windows 7
D. Windows XP
E. Red Hat Enterprise Linux
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=2
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 3
Which company offers the primary competition to AppScan Source Edition?
A. Fortify/HP
B. Veracode
C. Microsoft
D. Compuware
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=3
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 4
Why are users not able to create custom rules, set validators, and perform issue management
from the IDE plug-ins?
all users
B. because rules and validators are not configurable
C. because this planned functionality has not yet been extended to the plug-ins
D. because the plug-ins do not communicate directly with the AppScan Core
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=4
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 5
Which approach to security testing is covered by AppScan Source Edition?
A. manual
B. black box
C. white box
D. gray box
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=5
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 6
In which deployment configuration do developers routinely scan their code from an IDE plugin at their own convenience?
A. Late Stage
B. Low Touch
C. Center of Excellence
D. Mature Deployment LDAP
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=6
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 7
What is HTTP response splitting?
QUESTION: 8
What is the first step that should be taken once the Standard Desktop installation has
completed?
QUESTION: 9
Which two statements are true about custom rules and markup? (Choose two.)
A. Users can create their own checks in any file using regular expressions and other
techniques through a configuration screen.
B. Users can mark up third-party libraries and custom code to determine which
vulnerabilities they are concerned about.
C. AppScan Source does not ship with markup for standard libraries and common
frameworks, so users will need to mark up all libraries and methods they want as
sources/sinks in order to get effective scan results.
D. Users can mark up any file from IDE plug-ins or from a configuration screen in
AppScan Source for Security.
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=9
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 10
Which customer situation signals a good opportunity for AppScan Source Edition?
QUESTION: 11
What is the term for a point of input to the application such as request parameters and database
access?
A. root
B. sink
C. source
D. non-validator
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=11
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 12
What are three valid steps to importing Java through an existing Eclipse workspace? (Choose
three.)
A. click Edit > Preferences > Eclipse Workspace Importers and enter the appropriate
information
B. click File > Add Application > Existing Eclipse, Rad, or WSAD Workspace
C. browse for the Eclipse directory during the initial installation of AppScan Source
Edition for Security
D. install the AppScan Source Edition Project Importer plug-in
E. click File > Add Application > Existing Application
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=12
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 13
What are three advantages of AppScan Source Edition over solutions that scan a running
instance of the Web application? (Choose three.)
QUESTION: 14
Which type of security analysis does AppScan Source Edition perform?
A. static analysis
B. dynamic analysis
C. infrastructure analysis
D. external component analysis
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=14
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 15
What are two attack types that alter the command execution on the Web server by altering user-supplied data? (Choose two.)
A. brute force
B. SQL injection
C. buffer overflow
D. session fixation
E. content spoofing
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=15
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 16
At which URL can one find a top ten list of Web application security risks?
A. www.owasp.org
B. www.webappsec.org
C. www.websectop10.org
D. www.ibm.com/software/rational/offerings/websecurity/
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=16
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 17
Which statement is true about the threat modeling process?
QUESTION: 18
What are two ways for a security analyst to import a .NET solution into AppScan Source
Edition for Security? (Choose two.)
QUESTION: 19
Which type of analysis performed by AppScan Source Edition tracks data from source nodes
through intermediate nodes and raises a finding whenever unvalidated data reaches a sink
node?
QUESTION: 20
What is contained in the AppScan Source Core?
A. Portfolio Manager
B. Automation Server
C. Security Knowledgebase
D. Command Line Interface
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=20
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 21
Which three programming languages are supported by AppScan Source? (Choose three.)
A. C++
B. PHP
C. Python
D. Ruby
E. Java/JSP
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=21
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 22
What are the two main roles of the software developer in a Center of Excellence deployment of
AppScan Source Edition? (Choose two.)
A. remediate
B. verify
C. configure
D. scan
E. triage
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=22
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 23
Why are correlated results more likely to be valid security issues?
QUESTION: 24
What are three valid ways to ensure Web application security at the session layer? (Choose
three.)
QUESTION: 25
Which component of AppScan Source Edition is basically a dashboard that can be used to
compare applications against one another, view trends, and identify recurring problem areas?
A. Reporting Console
B. Source Core
C. IDE Plug-ins
D. Security Interface
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=25
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 26
Given the following threat modeling process: What is the missing step?
QUESTION: 27
Which statement is true about the AppScan Source competitor Veracode?
QUESTION: 28
What is a sink in AppScan Source Edition?
QUESTION: 29
What is the most likely reason for buffer overflow attacks against a Web site?
A. denial of service
B. phishing
C. e-shoplifting
D. session hijacking
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=29
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 30
Which two tasks are typically performed from the Triage perspective in the AppScan Source
for Security interface? (Choose two.)
A. set a validator
B. scan an application
C. select and edit filters
D. view a graph of vulnerabilities by type
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=30
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 31
Which activity is a best practice for the server running the production version of a Web
application?
QUESTION: 32
What is a good way to ensure that third-party tools used in a Web application are secure?
QUESTION: 33
Which two installation types can be used to install the AppScan Source command line
interface? (Choose two.)
A. Standard Desktop
B. Server
C. Client
D. Minimal
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=33
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 34
An organization has no in-house security expertise and is just looking for a one-time
assessment. Which AppScan solution best meets their needs?
QUESTION: 35
The Ounce Labs acquisition solidifies IBM's position in which quadrant of the Gartner Magic
Quadrant?
A. leaders
B. visionaries
C. challengers
D. niche players
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=35
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 36
Which phase in the Web application lifecycle involves deploying the application and beta
testing for security and performance?
A. inception
B. elaboration
C. construction
D. transition
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=36
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 37
Which statement is true about integrating AppScan Source Edition with Visual Studio?
A. Visual Studio must already be on the system when AppScan Source is installed.
B. The plug-in is installed from the Visual Studio interface.
C. The plug-in must be installed separately from the AppScan Source command line
interface.
D. AppScan Source Edition only integrates with older versions of Visual Studio.
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=37
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 38
Which statement is true about encrypting a Web application transaction?
QUESTION: 39
Which statement is true about how "Webification" has changed the current security landscape?
QUESTION: 40
What is the basic AppScan Source Edition workflow?
QUESTION: 41
Which two AppScan components are required to automate security scans in the build
environment? (Choose two.)
A. Reporting Console
B. Source Core
C. Source for Remediation
D. Source for Automation
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=41
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 42
Which two tasks are best performed through the Security Interface component of AppScan
Source Edition? (Choose two.)
QUESTION: 43
Which competing company offers an appliance-based solution and is mainly a factor in Asia-Pacific deals?
A. Veracode
B. Armorize
C. Fortify
D. Compuware
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=43
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 44
What are the top two Web application security risks? (Choose two.)
A. injection
B. cross-site scripting
C. malicious file execution
D. unvalidated redirects and forwards
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=44
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 45
What is the typical purpose of the Standard Desktop installation of AppScan Source Edition?
QUESTION: 46
A customer asks if AppScan Source Edition supports their specific source code management
system. What is the best way for the sales representative to respond?
A. We integrate directly and seamlessly into most source code management systems.
B. We integrate directly with their build systems, allowing them to preserve any
required source code management workflows.
C. They will probably have to change their source code management workflow, along
with a few other unsecure processes.
D. A powerful source code management system comes packaged with AppScan Source
Edition.
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=46
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 47
Which button on the console shows any errors that occurred during a scan?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=47
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 48
What are the two best ways of optimizing the number of findings generated by an AppScan
Source scan? (Choose two.)
QUESTION: 49
What are the two database options when installing the AppScan Source server? (Choose two.)
A. IBM solidDB
B. Oracle Server
C. Microsoft SQL Server
D. Informix Dynamic Server
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=49
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 50
Which assumption is safe to make when considering the security of a Web application?
QUESTION: 51
Which perspective in the AppScan Source Edition for Security interface offers a high level
view of scan findings?
A. Triage
B. Analysis
C. Dashboard
D. Reporting Console
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=51
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 52
A customer asks if AppScan Source Edition supports dynamic code. What is the best way to
respond?
QUESTION: 53
Which feature of AppScan Source Edition shows findings ranked by severity and confidence
classification?
A. Vulnerability Matrix
B. Assessment Summary
C. Report View
D. Analysis View
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=53
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 54
How is a scan launched from the Security Interface?
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 55
In terms of discovery time, approximately how much more costly is fixing a security
vulnerability after deployment than during design?
A. 3 times
B. 10 times
C. 15 times
D. 30 times
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=55
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 56
What is the main cause of false positives becoming a problem?
QUESTION: 57
According to a 2008 Gartner study, what percent of attacks are directed at Web applications?
A. 25%
B. 45%
C. 75%
D. 95%
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=57
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 58
Which two server components are required for an AppScan Source installation? (Choose two.)
A. Core
B. Database
C. Automation
D. Portfolio Manager
E. Reporting Console
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=58
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 59
What can be accessed from within AppScan Source Edition to get remediation advice for
vulnerabilities?
A. Knowledgebase
B. Vulnerability Matrix
C. Reporting Console
D. Core Database
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=59
-------------------------------------------------------------------------------------------------------------------------------------
QUESTION: 60
Which statement is true about scanning a single file?
A. It is recommended that files be scanned one at a time whenever they are modified.
B. It is unlikely to contain meaningful data flow.
C. Scanning a single file usually takes longer than scanning an entire application.
D. Two or more files must be selected to launch a scan.
Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=60
-------------------------------------------------------------------------------------------------------------------------------------