C2150-810無料問題集「IBM Security AppScan Source Edition Implementation」

質問 1

You are reviewing an online shopping application and find a lost sink method called combineltemListsf..,) that is provided by a third-party shopping framework. This method combines two lists of items (provided as arguments) into one.
Which type of custom rule do you need to create for this method?

（A）Taint Propagator

（B）Not Susceptible to Taint

（C）Sink

（D）Tainted Callback

（E）Source

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

You are reviewing a banking application and find a lost sink method called performTransactionf...) that sends requested transaction information (bill payment, fundstransfer, etc) to the back-end COBOL application running on IBM System z mainframe that actually moves the money.
Which type of custom rule should you create for this method?

（A）Taint Propagator

（B）Not Susceptible to taint

（C）Sink

（D）Tainted Callback

（E）Source

正解：D 解答を投票する

質問 3

How are safe sources dismissed during the triage process?

（A）Set a Trace filter to remove any findings that originated from the safe source.

（B）Set all the sinks originated from the safe source to NST.

（C）Set a Vulnerability Type filter to remove any findings that originated from the safe source.

（D）Set a Classification filter to remove any findings that originated from the safe source.

正解：C 解答を投票する

質問 4

When reviewing an application, you discover methods that are not called directly by the application.
Which rule should be applied in order to scan this code?

（A）Add the method as taint propagator.

（B）Add the method as source.

（C）Add the method as not a validation routine.

（D）Add the method as tainted call back.

正解：C 解答を投票する

質問 5

When scanning .NET assemblies, what is the likely cause of missing line of code information from the findings?

（A）A valid Visual Studio solution file (.sin) is not present on the file system and in the same directory as the .NET assembly files.

（B）The version of Visual Studio used to develop the application and corresponding projects is not installed in the scanning environment.

（C）msdia80.dll is not present and registered on the file system.

（D）pdb files are not generated and present with complete debug info for each target executable or DLL configured in the scan.

正解：B 解答を投票する

C2150-810 無料問題集「IBM Security AppScan Source Edition Implementation」

弊社を連絡する

関連リンク

トップ試験