
000-057 IBM AppScan Source Edition

http://www.twpass.com/twpass.com/exam.aspx?eCode= 000-057


QUESTION: 1
From which three places can remediation information be accessed for a finding? (Choose three.)

A. from the IDE using a developer plug-in
B. from the Analysis view in the Security Interface
C. from the Reporting Console
D. from the AppScan Knowledgebase Web site
E. from the Triage view in the Security Interface

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=1

QUESTION: 2
Which three operating systems support all of the client components of AppScan Source Edition? (Choose three.)

A. OS X
B. Solaris
C. Windows 7
D. Windows XP
E. Red Hat Enterprise Linux

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=2

QUESTION: 3
Which company offers the primary competition to AppScan Source Edition?

A. Fortify/HP
B. Veracode
C. Microsoft
D. Compuware

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=3

QUESTION: 4
Why are users not able to create custom rules, set validators, and perform issue management from the IDE plug-ins?

A. because these tasks should be performed by specialists and applied consistently by all users
B. because rules and validators are not configurable
C. because this planned functionality has not yet been extended to the plug-ins
D. because the plug-ins do not communicate directly with the AppScan Core

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=4

QUESTION: 5
Which approach to security testing is covered by AppScan Source Edition?

A. manual
B. black box
C. white box
D. gray box

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=5

QUESTION: 6
In which deployment configuration do developers routinely scan their code from an IDE plug-in at their own convenience?

A. Late Stage
B. Low Touch
C. Center of Excellence
D. Mature Deployment LDAP

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=6

QUESTION: 7
What is HTTP response splitting?

A. changing Web pages in the cache to attack users
B. overloading a server with excess information
C. altering information, such as product prices, in hidden fields
D. modifying cookies to gain access to other users' accounts

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=7

QUESTION: 8
What is the first step that should be taken once the Standard Desktop installation has completed?

A. set the admin password
B. create the database user
C. import custom filters
D. import an application or environment

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=8

QUESTION: 9
Which two statements are true about custom rules and markup? (Choose two.)

A. Users can create their own checks in any file using regular expressions and other techniques through a configuration screen.
B. Users can mark up third-party libraries and custom code to determine which vulnerabilities they are concerned about.
C. AppScan Source does not ship with markup for standard libraries and common frameworks, so users will need to mark up all libraries and methods they want as sources/sinks in order to get effective scan results.
D. Users can mark up any file from IDE plug-ins or from a configuration screen in AppScan Source for Security.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=9

QUESTION: 10
Which customer situation signals a good opportunity for AppScan Source Edition?

A. They have an in-house team of security specialists.
B. They are looking for the solution with the lowest price.
C. Their application is just entering production.
D. They are short on time due to delays in application development.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=10

QUESTION: 11
What is the term for a point of input to the application, such as request parameters and database access?

A. root
B. sink
C. source
D. non-validator

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=11

QUESTION: 12
What are three valid steps to importing Java through an existing Eclipse workspace? (Choose three.)

A. click Edit > Preferences > Eclipse Workspace Importers and enter the appropriate information
B. click File > Add Application > Existing Eclipse, RAD, or WSAD Workspace
C. browse for the Eclipse directory during the initial installation of AppScan Source Edition for Security
D. install the AppScan Source Edition Project Importer plug-in
E. click File > Add Application > Existing Application

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=12

QUESTION: 13
What are three advantages of AppScan Source Edition over solutions that scan a running instance of the Web application? (Choose three.)

A. smaller finding sets
B. more complete coverage
C. earlier in software lifecycle
D. scan third-party applications
E. scan unsupported source languages
F. tighter integration into the build process

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=13

QUESTION: 14
Which type of security analysis does AppScan Source Edition perform?

A. static analysis
B. dynamic analysis
C. infrastructure analysis
D. external component analysis

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=14

QUESTION: 15
What are two attack types that alter the command execution on the Web server by altering user-supplied data? (Choose two.)

A. brute force
B. SQL injection
C. buffer overflow
D. session fixation
E. content spoofing

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=15

QUESTION: 16
At which URL can one find a top ten list of Web application security risks?

A. www.owasp.org
B. www.webappsec.org
C. www.websectop10.org
D. www.ibm.com/software/rational/offerings/websecurity/

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=16

QUESTION: 17
Which statement is true about the threat modeling process?

A. If done right, it should uncover all threats in a single pass.
B. It is only effective during the design stage of the software development lifecycle.
C. It was originally developed by IBM.
D. It should be an iterative process as the application evolves.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=17

QUESTION: 18
What are two ways for a security analyst to import a .NET solution into AppScan Source Edition for Security? (Choose two.)

A. drag the .sln file into the Explorer pane
B. click File > Add Application > Existing Application
C. click File > Add Project > and follow the steps in the wizard
D. click Tools > Application Import > and follow the steps in the wizard

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=18

QUESTION: 19
Which type of analysis performed by AppScan Source Edition tracks data from source nodes through intermediate nodes and raises a finding whenever unvalidated data reaches a sink node?

A. data flow analysis
B. dynamic analysis
C. semantic analysis
D. control flow analysis

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=19

QUESTION: 20
What is contained in the AppScan Source Core?

A. Portfolio Manager
B. Automation Server
C. Security Knowledgebase
D. Command Line Interface

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=20

QUESTION: 21
Which three programming languages are supported by AppScan Source? (Choose three.)

A. C++
B. PHP
C. Python
D. Ruby
E. Java/JSP

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=21

QUESTION: 22
What are the two main roles of the software developer in a Center of Excellence deployment of AppScan Source Edition? (Choose two.)

A. remediate
B. verify
C. configure
D. scan
E. triage

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=22

QUESTION: 23
Why are correlated results more likely to be valid security issues?

A. because they are found in multiple scans by multiple users
B. because they are found by both dynamic and static analysis
C. because they are known to be vulnerabilities in other applications
D. because they are found with proper rules and validators in place

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=23

QUESTION: 24
What are three valid ways to ensure Web application security at the session layer? (Choose three.)

A. add the session ID to the URL
B. enforce any necessary sequencing
C. automatically terminate unattended sessions
D. create an application-level context mechanism
E. allow security-conscious users to change their session ID

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=24

QUESTION: 25
Which component of AppScan Source Edition is basically a dashboard that can be used to compare applications against one another, view trends, and identify recurring problem areas?

A. Reporting Console
B. Source Core
C. IDE Plug-ins
D. Security Interface

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=25

QUESTION: 26
Given the following threat modeling process: What is the missing step?

A. rate the threats
B. repeat steps 1-5
C. scan the application
D. map the threats in the data flow

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=26

QUESTION: 27
Which statement is true about the AppScan Source competitor Veracode?

A. They are a factor mainly in Asia-Pacific deals.
B. They are the major competitor in all geographies.
C. They offer similar IDE integration to AppScan Source Edition.
D. They focus strictly on software sales, not services.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=27

QUESTION: 28
What is a sink in AppScan Source Edition?

A. an input point to the application
B. a vulnerable API
C. any validation point along the flow of data
D. a way to filter false positives

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=28

QUESTION: 29
What is the most likely reason for buffer overflow attacks against a Web site?

A. denial of service
B. phishing
C. e-shoplifting
D. session hijacking

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=29

QUESTION: 30
Which two tasks are typically performed from the Triage perspective in the AppScan Source for Security interface? (Choose two.)

A. set a validator
B. scan an application
C. select and edit filters
D. view a graph of vulnerabilities by type

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=30

QUESTION: 31
Which activity is a best practice for the server running the production version of a Web application?

A. run the server in a demilitarized zone (DMZ)
B. use the server to develop code
C. run multiple applications on the same server
D. administer the server remotely

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=31

QUESTION: 32
What is a good way to ensure that third-party tools used in a Web application are secure?

A. avoid freeware and open source software
B. use demos or sample applications until the tools are confirmed safe
C. wait several months before installing updates and patches
D. segregate third-party tools from the rest of the application, if possible

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=32

QUESTION: 33
Which two installation types can be used to install the AppScan Source command line interface? (Choose two.)

A. Standard Desktop
B. Server
C. Client
D. Minimal

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=33

QUESTION: 34
An organization has no in-house security expertise and is just looking for a one-time assessment. Which AppScan solution best meets their needs?

A. AppScan Source Edition
B. AppScan Enterprise Edition
C. AppScan Standard Edition
D. AppScan OnDemand

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=34

QUESTION: 35
The Ounce Labs acquisition solidifies IBM's position in which quadrant of the Gartner Magic Quadrant?

A. leaders
B. visionaries
C. challengers
D. niche players

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=35

QUESTION: 36
Which phase in the Web application lifecycle involves deploying the application and beta testing for security and performance?

A. inception
B. elaboration
C. construction
D. transition

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=36

QUESTION: 37
Which statement is true about integrating AppScan Source Edition with Visual Studio?

A. Visual Studio must already be on the system when AppScan Source is installed.
B. The plug-in is installed from the Visual Studio interface.
C. The plug-in must be installed separately from the AppScan Source command line interface.
D. AppScan Source Edition only integrates with older versions of Visual Studio.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=37

QUESTION: 38
Which statement is true about encrypting a Web application transaction?

A. The application architecture should create dependencies on the encryption itself.
B. Hyperlinks should always contain the https:// prefix.
C. IP addresses should be used in place of host names for flexibility.
D. It is necessary to encrypt complete transactions using SSL.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=38

QUESTION: 39
Which statement is true about how "Webification" has changed the current security landscape?

A. Agents and heavy clients are becoming more acceptable.
B. Infrastructure has become more abstract and less defined.
C. More and more organizations are avoiding Web interfaces for their applications.
D. Traditional defenses are more important than ever.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=39

QUESTION: 40
What is the basic AppScan Source Edition workflow?

A. Scan > Triage > Assign > Remediate
B. Assign > Scan > Remediate > Monitor
C. Configure > Triage > Remediate > Monitor
D. Scan > Configure > Monitor > Assign

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=40

QUESTION: 41
Which two AppScan components are required to automate security scans in the build environment? (Choose two.)

A. Reporting Console
B. Source Core
C. Source for Remediation
D. Source for Automation

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=41

QUESTION: 42
Which two tasks are best performed through the Security Interface component of AppScan Source Edition? (Choose two.)

A. triage scan results
B. configure code bases to be scanned
C. manage portfolio risk
D. run scans directly from each programmer's workstation

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=42

QUESTION: 43
Which competing company offers an appliance-based solution and is mainly a factor in Asia-Pacific deals?

A. Veracode
B. Armorize
C. Fortify
D. Compuware

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=43

QUESTION: 44
What are the top two Web application security risks? (Choose two.)

A. injection
B. cross-site scripting
C. malicious file execution
D. unvalidated redirects and forwards

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=44

QUESTION: 45
What is the typical purpose of the Standard Desktop installation of AppScan Source Edition?

A. to install only the client components on one or multiple workstations
B. to integrate with bug tracking and build systems
C. to be used by a single security analyst working entirely on a single workstation
D. to ensure that AppScan Source is installed on a secure workstation and not a laptop

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=45

QUESTION: 46
A customer asks if AppScan Source Edition supports their specific source code management system. What is the best way for the sales representative to respond?

A. We integrate directly and seamlessly into most source code management systems.
B. We integrate directly with their build systems, allowing them to preserve any required source code management workflows.
C. They will probably have to change their source code management workflow, along with a few other unsecure processes.
D. A powerful source code management system comes packaged with AppScan Source Edition.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=46

QUESTION: 47
Which button on the console shows any errors that occurred during a scan?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=47

QUESTION: 48
What are the two best ways of optimizing the number of findings generated by an AppScan Source scan? (Choose two.)

A. exclude trusted sources
B. define validators in the data flow
C. scan files one at a time
D. break the application into smaller sections for scans

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=48

QUESTION: 49
What are the two database options when installing the AppScan Source server? (Choose two.)

A. IBM solidDB
B. Oracle Server
C. Microsoft SQL Server
D. Informix Dynamic Server

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=49

QUESTION: 50
Which assumption is safe to make when considering the security of a Web application?

A. Anything a user can theoretically manipulate will be manipulated.
B. Data that comes from a user can be trusted.
C. A specific technology employed by a user will constrain their actions.
D. The browser will effectively limit malicious actions.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=50

QUESTION: 51
Which perspective in the AppScan Source Edition for Security interface offers a high-level view of scan findings?

A. Triage
B. Analysis
C. Dashboard
D. Reporting Console

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=51

QUESTION: 52
A customer asks if AppScan Source Edition supports dynamic code. What is the best way to respond?

A. We fully support dynamic code.
B. We offer no support for dynamic code.
C. We highlight all locations of dynamic code.
D. Dynamic code very rarely presents a security vulnerability.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=52

QUESTION: 53
Which feature of AppScan Source Edition shows findings ranked by severity and confidence classification?

A. Vulnerability Matrix
B. Assessment Summary
C. Report View
D. Analysis View

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=53

QUESTION: 54
How is a scan launched from the Security Interface?

A. right-click an application in the Explorer pane and click Scan Application
B. double-click an application in the Explorer pane
C. click File > Add Application > Existing Application
D. select an application in the Explorer pane and click File > Scan Application

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=54

QUESTION: 55
In terms of discovery time, approximately how much more costly is fixing a security vulnerability after deployment than during design?

A. 3 times
B. 10 times
C. 15 times
D. 30 times

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=55

QUESTION: 56
What is the main cause of false positives becoming a problem?

A. difficulty setting a rule for validation
B. corrupted configuration files
C. poorly created filters
D. messy source code

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=56

QUESTION: 57
According to a 2008 Gartner study, what percent of attacks are directed at Web applications?

A. 25%
B. 45%
C. 75%
D. 95%

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=57

QUESTION: 58
Which two server components are required for an AppScan Source installation? (Choose two.)

A. Core
B. Database
C. Automation
D. Portfolio Manager
E. Reporting Console

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=58

QUESTION: 59
What can be accessed from within AppScan Source Edition to get remediation advice for vulnerabilities?

A. Knowledgebase
B. Vulnerability Matrix
C. Reporting Console
D. Core Database

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=59

QUESTION: 60
Which statement is true about scanning a single file?

A. It is recommended that files be scanned one at a time whenever they are modified.
B. It is unlikely to contain meaningful data flow.
C. Scanning a single file usually takes longer than scanning an entire application.
D. Two or more files must be selected to launch a scan.

Answer: http://www.twpass.com/twpass.com/exam.aspx?ecode=000-057&qno=60

