


Exam : IBM 000-M24

Title : M24 IBM Rational AppScan Technical Sales Mastery Test v1

Version : R6.1


1. What happens when AppScan generates an Industry Standard report? A. It maps the discovered vulnerabilities to a set of industry-specific checkpoints. B. It generates and executes industry-specific tests. C. It provides industry-specific advisories. D. It applies an industry-specific test policy. Answer: A

2. How can you specify what information is included in an AppScan report? A. By specifying particular tests B. By selecting / deselecting individual items of information C. By exploring manually D. By creating custom tests Answer: B

3. Which AppScan user interface provides relevant information about how AppScan tests for a particular vulnerability? A. Application Tree B. Request / Response C. Advisory D. Application Data E. Remediation Tasks View F. Security Issues View Answer: B

4. Which AppScan feature is used to verify that AppScan is still logged in to the application during scanning? A. In-session detection B. Manual Explore C. Automatic Explore D. Automatic Form Fill Answer: A

5. What information does the 'Difference' displayed in the Request / Response tab provide? A. The difference between two tests B. How AppScan constructed the test HTTP request C. How the vulnerability was resolved D. How the web application page has been modified from its previous version Answer: B

6. What does AppScan do when the user selects the Automatic Explore option? A. Performs delta analysis automatically B. Tests automatically for privilege escalation vulnerabilities C. Follows all web application links automatically D. Generates an OWASP top 10 report automatically Answer: C

7. Which is not a use case for Manual Explore? A. Scan specific pages B. Execute specific tests C. Navigate through complex sites D. Follow a particular functional path Answer: B

8. Which feature does AppScan provide that takes the user through the steps for creating a new scan? A. A wizard B. A workflow C. A policy D. A report Answer: A    

9. How does Web Services Explorer use the web service WSDL file? A. Generates the necessary security tests B. Builds a simple UI so that the user can interact with the web service C. Generates a security report D. Authenticates AppScan to the Web Application Answer: B

10. Which type of information does the Fix Recommendation tab contain? A. Code samples B. Vulnerability description C. Regulatory compliance information D. Description of the executed test Answer: A

11. Which two are AppScan scan stages? A. Generate reports, Execute JavaScript B. Execute JavaScript, Explore C. Explore, Test D. Test, Generate Reports Answer: C

12. Which AppScan tests expose vulnerabilities in the web server, web server configuration and third-party components? A. Invasive tests B. Application tests C. Infrastructure tests D. Non-invasive tests Answer: C

13. Which statement about AppScan is true? A. AppScan tests a Web application by sniffing network traffic. B. AppScan tests a Web Application by sending HTTP requests. C. AppScan tests a Web Application by performing code analysis. D. AppScan tests a Web Application by performing a port scan. Answer: B

14. What is the recommended AppScan login method when a web site requires form-based authentication? A. Use automated login B. Record a login sequence C. Configure the proxy settings D. Explore manually Answer: B

15. Which of the following features enables the integration of data with other software applications? A. Collecting Web application data B. Recording scan progress information C. Exporting scan results to XML D. Creating scan templates Answer: C

16. Based on the explore settings specified by the user, AppScan _____. A. traverses the application B. generates the appropriate reports C. executes the appropriate tests D. tests for privilege escalation Answer: A

17. Which AppScan user interface provides relevant information about the number of SQL injection vulnerabilities that were found? A. Application Tree B. Request / Response C. Advisory D. Application Data E. Remediation Tasks View F. Security Issues View Answer: F

18. What must you do to test every page of your web application? A. Include the appropriate AppScan tests B. Ensure proper application coverage C. Select the appropriate AppScan reports D. Use automatic explore Answer: B

19. What are functions of AppScan eXtensions? A. Customize AppScan to fit your processes; add small features to AppScan; integrate AppScan with other tools B. Create regulatory compliance reports; add small features to AppScan; create Test Policies C. Add small features to AppScan; test Web Services; create Developer Reports D. Integrate AppScan with other tools; create Test Policies; create Executive Reports Answer: A

20. Which of the following authentication methods is supported by AppScan? A. Form-based, NTLM, Two-factor B. NTLM, biometrics, Two-factor authentication C. Form-based, NTLM, biometrics D. Form-based, biometrics, Two-factor authentication Answer: A

21. In most cases, AppScan uses a variety of different tests to discover a single type of vulnerability. This is referred to as a test _____. A. Policy B. Variant C. Case D. HTTP Request Answer: B

22. What information does the 'Reasoning' displayed in the Request / Response tab provide? A. How to avoid this type of issue B. How AppScan constructed the test C. Why this issue causes non-compliance D. Why AppScan concluded that there is an issue Answer: D

23. Which AppScan report type relates to Sarbanes-Oxley Act, HIPAA and FISMA? A. WASC Threat Classification B. OWASP Top 10 C. Compliance D. Delta Analysis Answer: C

24. Which AppScan user interface provides relevant information about the parameters the application uses? A. Application Tree B. Request / Response C. Advisory D. Application Data E. Remediation Tasks View F. Security Issues View Answer: D    

25. You can create a new scan in AppScan based on a previously defined scan _____. A. policy B. report C. template D. data Answer: C

26. In the results, you encounter a vulnerability that you do not understand. Where in AppScan would you go to obtain information about this vulnerability? A. Remediation Tasks View B. Request / Response tab C. Advisory tab D. Fix Recommendation tab E. AppScan Log Answer: C

27. What does AppScan do when the user selects the Manual Explore option? A. Allows the user to test for vulnerabilities manually B. Allows the user to log in manually C. Allows the user to step through the application manually D. Allows the user to exclude links from the scan Answer: C

28. Which of the following types of information can be found in the AppScan advisories? A. Security risk description B. Original HTTP traffic C. Issue resolution recommendation D. Scan log data Answer: A    
