Which type of web application attack can actually take over


Question: 1

An attacker opens a session on a website. The attacker then tricks someone into opening that same session with a phishing attack. The user accesses the website by using the session ID. The attacker now has the ability to hijack the session. Which type of attack is this?

A. cross-site scripting
B. session fixation
C. SQL Injection
D. horizontal escalation
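
The scenario in Question 1, replayed against two hypothetical in-memory servers. This is an added example and not part of the original page; the class names, the dict-backed session store and the use of secrets.token_urlsafe to mint IDs are assumptions standing in for whatever a real framework does. The first server accepts a session ID the client already presents and keeps it across login; the second only honours IDs it minted itself and issues a fresh one once the user authenticates.

```python
"""Session fixation: why a server must issue a fresh session ID at login.

Added example (not part of the original page).  Both servers are
hypothetical in-memory simulations; secrets.token_urlsafe stands in for
the framework's own session-ID generator.
"""
import secrets


class FixableServer:
    """Vulnerable: keeps whichever session ID the client already presents."""

    def __init__(self):
        self.sessions = {}  # session_id -> username (None = not logged in)

    def visit(self, presented_sid=None):
        # An attacker-chosen ID arriving in the URL or cookie is adopted as-is
        # and a session is created under it.  This is the fixation defect.
        if presented_sid is None:
            presented_sid = secrets.token_urlsafe(16)
        self.sessions.setdefault(presented_sid, None)
        return presented_sid

    def login(self, sid, username):
        # Authentication succeeds but the ID is left unchanged.
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


class SafeServer(FixableServer):
    """Fixed: ignores unknown client-chosen IDs and rotates the ID on login."""

    def visit(self, presented_sid=None):
        # Only IDs this server minted are honoured; anything else gets a new one.
        if presented_sid in self.sessions:
            return presented_sid
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = None
        return sid

    def login(self, sid, username):
        # Discard the pre-authentication session and bind a fresh ID to the user,
        # so an ID the attacker planted earlier never becomes authenticated.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(16)
        self.sessions[new_sid] = username
        return new_sid


def run_attack(server):
    """Replay the four steps of Question 1 and report whether the attacker's
    original ID ends up authenticated as the victim."""
    attacker_sid = server.visit()                      # attacker opens a session
    victim_sid = server.visit(attacker_sid)            # phished link carries that ID
    victim_sid = server.login(victim_sid, "victim")    # victim logs in with it
    return server.whoami(attacker_sid) == "victim"     # can the attacker use it?


if __name__ == "__main__":
    print("vulnerable server hijacked:", run_attack(FixableServer()))  # True
    print("fixed server hijacked:     ", run_attack(SafeServer()))     # False
```

The fix has two halves and both matter: refusing IDs the server never issued stops the attacker from planting an arbitrary value, and regenerating the ID at the privilege change stops a legitimately issued pre-login ID (which the attacker can obtain simply by visiting the site) from being carried into the authenticated session.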

Question: 2
Which statement is true about cross-site request forgery?

A. An application hides access to sensitive actions and fails to enforce authorization for certain actions.

B. Session tokens that are not protected are used to hijack an active session and assume the identity of a user.

C. It forces a user to execute unwanted actions on a web application in which they are currently authenticated.

D. An application provides direct access to objects based on user-supplied input.
Question: 3

A local bank has hired you to conduct a security evaluation of their online Web application. You discover in your findings that fund transfers are issued in a predictable fashion that is identical for all users. What type of attack does this vulnerability expose the bank to?

A. injection flaws

B. cross-site request forgery

C. insecure direct object reference

D. broken authentication and session management
Question: 4

You visit a website that has security enabled through SSL. You notice that the application sets a cookie without the “secure” attribute during the encrypted session. Which statement is true about this scenario?

 

A. The cookie is only valid for the current session.

B. The cookie was set during a non-secure session.

C. The cookie is still secure.

D. The cookie might be sent during a non-secure session.
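
A check for the defect in Question 4 (and option A of Question 18), written as the kind of test a scanner applies to each Set-Cookie header it captures. This is an added example, not code from the original page or from AppScan; the header values in SAMPLES are constructed. It goes slightly beyond the question by also reporting missing HttpOnly and SameSite attributes, since a practitioner would check those in the same pass.

```python
"""Flag session cookies that a browser would also send over plaintext HTTP.

Added example, not part of the original page.  The Set-Cookie values in
SAMPLES are constructed; the attribute names are the standard ones and
the parser is the standard library's http.cookies.
"""
from http import cookies

# Constructed sample headers, as they might be captured from an HTTPS response.
SAMPLES = {
    "hardened": "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "no_secure": "JSESSIONID=abc123; Path=/; HttpOnly",
    "bare": "JSESSIONID=abc123; Path=/",
}


def cookie_findings(set_cookie_value):
    """Return a list of findings for one Set-Cookie header value.

    A missing Secure attribute is the defect in Question 4; HttpOnly and
    SameSite are reported as well, as a generalization beyond that question.
    """
    jar = cookies.SimpleCookie()
    jar.load(set_cookie_value)
    findings = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure attribute; the browser will also send it on http:// requests")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly attribute; page scripts can read it")
        if not morsel["samesite"]:
            findings.append(f"{name}: no SameSite attribute; sent on cross-site requests")
    return findings


def sent_over_plain_http(set_cookie_value):
    """True if any cookie in the header lacks Secure: a later http:// request to
    the same host (a plain-HTTP link to /help, say) would then carry the
    session ID in the clear even though it was set during an HTTPS session."""
    jar = cookies.SimpleCookie()
    jar.load(set_cookie_value)
    return any(not morsel["secure"] for morsel in jar.values())


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, "->", cookie_findings(header) or ["ok"])
```

The point the question is making is that the encryption of the session in which the cookie was set says nothing about later requests; only the Secure attribute does.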
Question: 5

Name two locations where an attacker could target the session ID of a user who is logged on to a Web application.
(Please select ALL that apply)

 

A. a URL parameter

B. an HTML tag

C. a SQL injection

D. a cookie
Question: 6

Which type of Web application attack can actually take over a user's machine by exploiting browser vulnerabilities?

 

A. missing function level access control

B. unvalidated redirects and forwards

C. cross-site scripting

D. injection flaws
Question: 7

What type of attacks are Server Side Includes and LDAP Queries most susceptible to?

 

A. cross-site request forgery

B. injection flaws

C. unvalidated redirects

D. cross-site scripting
Question: 8

You are a web developer for your company. You create a new company website that uses a back-end database. The input from a web browser is sanitized before it gets queried on this database. Which type of vulnerability are you trying to prevent?

 

A. cross-site scripting

B. privilege escalation

C. buffer overflow

D. SQL Injection
Question: 9

You click on a link in a web browser to update your contact information on a website. Your web browser is redirected to a different website that appears to look the same as the one you were on. Which type of vulnerability causes this issue?

 

A. invalid redirect

B. horizontal escalation

C. cross-site scripting

D. session-fixation
Question: 10

You log in to a website to view an invoice and notice that the invoice number is in the URL of your account web page.
Which vulnerability is exposed by showing your user invoice number in the URL?

 


A. unencrypted session ID

B. insecure direct object reference

C. invalid redirect

D. cross-site scripting
Question: 11

Identify two statements that are true about conducting scans using the Breadth First mode for the automatic crawler.
(Please select ALL that apply)

 

A. It scans the first link of a page and follows it to subsequent levels.

B. Breadth First mode is known as vertical scanning.

C. All links on a page are scanned before going to the next level.

D. Breadth First mode is known as horizontal scanning.
Question: 12

From which section can you configure the default redundancy tuning options?

 

A. Parameters and Cookies

B. Explore Options

C. Content-Based Results

D. Environment Definition
Question: 13

Your test scans using Security AppScan Standard continue to fail. An error in the AppScan log shows that you cannot connect to the server. Identify two possible causes of these communication problems.
(Please select ALL that apply)

 

A. An antivirus application is blocking outgoing connections.

B. A personal firewall is blocking outgoing connections.

C. The JavaScript setting has not been enabled.

D. The case sensitivity option has not been enabled.
Question: 14

In what circumstance would you want to consider configuring the Redundancy tuning as an option?

 

A. when you want to scan multiple links at the same time on the start page then proceed to the next level

B. when the Web hosting server is clustered with two or more servers

C. when the Web application server is clustered with two or more servers

D. when the Website repetitively uses the same elements of source code numerous times
Question: 15

You want to perform a Depth First scan.
How many threads should you configure the scan to use?

 


A. one

B. two

C. five

D. ten
Question: 16

You are running a scan against a Windows web server.
What can you do to reduce scan time?

 


A. Disable the "Case Sensitivity" option.

B. Enable the "Execute JavaScript" option.

C. Increase the scan timeout.

D. Use a proxy server.
Question: 17

What are two examples of server misconfiguration that could expose vulnerabilities to an attacker?
(Please select ALL that apply)

 

A. blocking ports 80 and 443 on the Apache Hosting Server

B. providing detailed specific information in error messages

C. unutilized services on the server are not disabled

D. changing the default name of the server admin account
Question: 18

Which two selections demonstrate a vulnerability that an attacker could exploit in order to gain access to sensitive data?
(Please select ALL that apply)

 

A. Cookies set by a Web application are missing the "secure" attribute.

B. All information is sent in clear text so that older Web browsers are supported.

C. A Web application relies on a positive security model rather than a negative one.

D. All components of a Web application are available using HTTP or HTTPS, in order to ensure that the entire site is accessible.
Question: 19

What makes the exploitation of a cross-site request forgery attack possible?

 

A. A lower-level user account is able to access privileged account functions of an elevated user.

B. Directory browsing is enabled on a Web server, exposing various admin links to an attacker.

C. Session tokens are not properly protected by an encrypted connection.

D. The targeted vulnerable site does not properly validate the origin of the request.
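
The mechanism behind Questions 2, 3 and 19 in one place: a transfer endpoint that, unprotected, honours any request carrying the victim's session cookie, and the two checks (origin validation and an unpredictable per-session token) that make the forged request fail. This is an added example and not part of the original page; SITE_ORIGIN, the endpoint, and the dict shape used to stand in for framework request objects are all assumptions.

```python
"""Why a CSRF request succeeds, and the two checks that stop it.

Added example, not part of the original page.  SITE_ORIGIN, the endpoint
and the request dicts are hypothetical stand-ins for a real framework.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected site


def same_origin(url_or_origin):
    """Compare scheme and host of an Origin or Referer value with SITE_ORIGIN."""
    parts = urlsplit(url_or_origin)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


class TransferEndpoint:
    """POST /transfer: moves money on behalf of the logged-in session."""

    def __init__(self):
        self.tokens = {}      # session_id -> synchronizer token issued with the form
        self.transfers = []   # (session_id, to, amount) that were accepted

    def render_form(self, session_id):
        """Mint a per-session token and embed it in the form (returned here)."""
        token = secrets.token_urlsafe(32)
        self.tokens[session_id] = token
        return token

    def handle(self, request, protect=True):
        """Return (status, reason).  With protect=False the handler trusts the
        session cookie alone, which is exactly what makes CSRF possible: the
        request is identical for every user and the browser adds the cookie."""
        sid = request["cookies"].get("session")
        if sid is None:
            return 401, "no session"
        if protect:
            # Check 1: the request must come from our own origin (Question 19, D).
            origin = request["headers"].get("Origin") or request["headers"].get("Referer")
            if origin is None or not same_origin(origin):
                return 403, "request did not originate from this site"
            # Check 2: the form must carry the token issued to this session,
            # which a page on another site cannot read.
            expected = self.tokens.get(sid, "")
            supplied = request["form"].get("csrf_token", "")
            if not expected or not hmac.compare_digest(expected, supplied):
                return 403, "missing or wrong CSRF token"
        self.transfers.append((sid, request["form"]["to"], request["form"]["amount"]))
        return 200, "transfer accepted"


def legitimate_request(endpoint, session_id):
    """A request submitted from the site's own form."""
    token = endpoint.render_form(session_id)
    return {
        "cookies": {"session": session_id},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"to": "landlord", "amount": "500", "csrf_token": token},
    }


def forged_request(session_id):
    """A request auto-submitted by a page on evil.example.  The browser still
    attaches the victim's session cookie, but sets Origin to the attacker's
    site, and the attacker has no way to learn the token."""
    return {
        "cookies": {"session": session_id},
        "headers": {"Origin": "https://evil.example"},
        "form": {"to": "attacker", "amount": "1000"},
    }


def run_scenario():
    """Exercise the three cases; returns their status codes in order."""
    ep = TransferEndpoint()
    return (
        ep.handle(forged_request("sess-1"), protect=False)[0],  # 200: forged, accepted
        ep.handle(forged_request("sess-1"))[0],                 # 403: forged, blocked
        ep.handle(legitimate_request(ep, "sess-1"))[0],         # 200: genuine
    )


if __name__ == "__main__":
    print(run_scenario())
```

The token check alone is sufficient in principle; the origin check is cheap defence in depth for browsers that send Origin. Neither helps against an attacker who already holds the session cookie: that is session hijacking, which Question 2's option B describes and which is a different defect.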
Question: 20

You have been hired to assess the security weaknesses of a website managed by a local financial firm. You find that authorized user accounts are changing parameter values to directly refer to objects that these users are not authorized to access. Which type of attack does this scenario represent?

 

A. unvalidated redirects and forwards

B. cross-site request forgery

C. cross-site scripting

D. insecure direct object reference
Question: 21

Which type of Web application attack is commonly associated with phishing?

 

A. insecure direct object reference

B. unvalidated redirects and forwards

C. cross-site request forgery

D. injection flaws
Question: 22

Which selection is an example of Horizontal Privilege Escalation?

 

A. A college student accessed the student records of another student in the same class.

B. Direct access to administrative users was obtained by running two Web sessions simultaneously.

C. A guest at a hotel guessed the credentials of the default administrator logon of the Web server.

D. An online bank customer accessed site administrative functions of the online banking system.
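
The distinction between Questions 10, 20 and 22 in code: a direct object reference (an invoice number in the URL) is only a vulnerability when the server fails to check that the caller may use it, and the failed check comes in a horizontal form (another customer's record) and a vertical form (an administrative function). This is an added example, not part of the original page; the invoice table, the user roles and the function names are constructed.

```python
"""Direct object references with and without an authorization check.

Added example, not part of the original page.  The invoice table, users
and roles are constructed; a real application would read them from its
database and session.
"""

# Constructed data: invoice number -> record.  The number is what appears in
# the URL in Question 10 (for instance /invoices?id=1002).
INVOICES = {
    1001: {"owner": "alice", "total": 120.00},
    1002: {"owner": "bob", "total": 75.50},
    1003: {"owner": "alice", "total": 9.99},
}
ROLES = {"alice": "customer", "bob": "customer", "carol": "admin"}


class Forbidden(Exception):
    """Raised instead of returning a record; the caller maps it to a 403/404."""


def get_invoice_vulnerable(invoice_id):
    """Insecure direct object reference: any logged-in user, any invoice.
    Changing the id in the URL is all it takes (Question 20)."""
    return INVOICES[invoice_id]


def get_invoice(current_user, invoice_id):
    """Authorize the reference: the record must belong to the caller, or the
    caller must be an administrator.  Missing and foreign invoices produce the
    same error so the id space cannot be enumerated by watching responses."""
    record = INVOICES.get(invoice_id)
    if record is None:
        raise Forbidden(f"invoice {invoice_id} not available")
    if record["owner"] != current_user and ROLES.get(current_user) != "admin":
        raise Forbidden(f"invoice {invoice_id} not available")
    return record


def list_all_invoices(current_user):
    """Administrative function.  A customer reaching this is vertical
    escalation; get_invoice above guards the horizontal case (Question 22, A)."""
    if ROLES.get(current_user) != "admin":
        raise Forbidden("administrators only")
    return sorted(INVOICES)


def can_read(current_user, invoice_id):
    """Boolean wrapper around get_invoice for quick checks."""
    try:
        get_invoice(current_user, invoice_id)
        return True
    except Forbidden:
        return False


def can_list(current_user):
    """Boolean wrapper around list_all_invoices."""
    try:
        list_all_invoices(current_user)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    # bob edits the id in his own invoice URL from 1002 to 1001
    print("vulnerable lookup:", get_invoice_vulnerable(1001))
    print("bob -> 1001:", can_read("bob", 1001))      # False: horizontal
    print("bob -> list:", can_list("bob"))            # False: vertical
    print("carol -> 1001:", can_read("carol", 1001))  # True: admin
```

Exposing the number itself is not the defect; the defect is that the server treats possession of a valid-looking number as authorization. The check belongs in the data-access function, not only in whatever page happens to render the link.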
Question: 23

What are two possible implications of a cross-site scripting attack? (Choose two.)
(Please select ALL that apply)

 

A. A web browser thinks that a script came from a trusted source, and the malicious script has accessed sensitive information retained by the browser and used with that site of origin.

B. Various records of a database have been compromised due to untrusted data sent to an interpreter as part of a command or query.

C. A session ID has been accurately predicted by an attacker, allowing them to access secure data under that active account.

D. The HTML content of a web page has been altered within a web browser.
Question: 24

You are conducting an audit of a health-related website for HIPAA compliance.
Which findings indicate that sensitive data is being exposed due to a lack of encrypted connections? (Choose two.)

(Please select ALL that apply)

 

A. Some of the URLs are exposing object references, such as primary keys or file names.

B. The URL that users utilize to log on to the company's website is https://CoferHealthcareSolutions.com/login.

C. Users of lesser privilege have access to the same functionality as DB administrators.

D. Cookies are being sent to the server in the form of clear text when users access the site.
Question: 25

What is the earliest stage in the software development life cycle where vulnerability testing should be introduced?

 

A. analysis and design

B. verification and testing

C. implementation

D. business modeling and requirements
Question: 26

You have just completed an audit of a company's Web server. Which two concerns need to be addressed and reconfigured in order to shore up possible server configuration vulnerabilities?
(Please select ALL that apply)

 

A. The operating system of the Web server hasn't been patched or updated in over a year.

B. The server is configured to disallow listings of directories containing scripts and textual contents.

C. There are select pages of the website containing sensitive data that are only accessible through HTTPS.

D. There are a number of ports open on the server for applications that have been deleted and are no longer used.
Question: 27

You have been hired to conduct an application risk evaluation for a financial website.
What is the first step you should take in this process?

 


A. Catalog the application assets of the website.

B. Assign the appropriate security work flows to the designated applications.

C. Rank the designated applications.

D. Evaluate the risk level of the designated applications.
Question: 28

What are two risks of performing automated security scans? (Choose two.)
(Please select ALL that apply)

 

A. HTML code within the site can become altered.

B. Glass box monitoring is disabled during the process.

C. User accounts may be modified or even deleted.

D. A denial of service may occur.
Question: 29

Which AppScan component is run as a desktop application?

 

A. Security AppScan Enterprise Dynamic Analysis Scanner

B. Security AppScan Standard

C. Security AppScan Source

D. Security AppScan Enterprise Server
Question: 30

You are going to utilize AppScan to test a web application that includes many Adobe Flash movies.
What would require manual exploration rather than automated exploration?

 

A. Some of the Adobe Flash movies contain data entry fields that must be filled in manually.

B. The version of Adobe Flash used within the web application is not supported by AppScan.

C. There are no dynamically created web addresses with the Adobe Flash movies.

D. The Adobe Flash content within the application is embedded in a JavaScript context.
Question: 31

Select two ways to extend the capabilities of Security AppScan Standard.
(Please select ALL that apply)

 

A. Add the central repository feature of Security AppScan Enterprise Server.

B. Use the command line interface to integrate it into non-graphical environments.

C. Add the feature-rich .NET software development kit (SDK).

D. Add dynamic analysis for HTTP tampering.
Question: 32

You wish to use Security AppScan Standard to scan a Web application hosted within your organization. Why would using a manual scan rather than an automatic scan be the appropriate way to scan a Web form page that sends emails?

 

A. a manual scan can help prevent unintended email file changes

B. a manual scan repairs more errors than an automated scan

C. a manual scan finds more errors than an automated scan

D. a manual scan can help prevent unintended email floods
Question: 33

Which two statements are true concerning Dynamic Application Security Testing (DAST)?
(Please select ALL that apply)

 

A. DAST is used during the testing phase of the software life cycle.

B. DAST requires access to source code within the web application.

C. DAST is also referred to as white box testing.

D. DAST requires a starting point URL when scanning a web application.
Question: 34

Your team is developing a new website application for your organization.
Which security testing analysis technique should you use early in the development of the application?

 


A. automated analysis

B. hybrid analysis

C. static analysis

D. dynamic analysis
Question: 35

Select two functions of the Security AppScan Enterprise Server component.
(Please select ALL that apply)

 

A. It applies black box analysis for advanced security testing.

B. It serves as a central repository.

C. It provides a desktop application for users.

D. It provides a Web user interface.
Question: 36

You have a Web application on your Web server that you want to scan using Security AppScan Standard. What is a good test that will indicate if Security AppScan Standard can access the application?

 

A. Test if you can ping the Web server from the AppScan Desktop Client.

B. Test if you can browse the Web application directory in the central store from the given authorized Server.

C. Test if you can see the shared directory of the Web application from the Security AppScan Enterprise Server.

D. Test if you can access the Web application from a standard web browser.
Question: 37

What is a reason for performing an automatic form exploration first and then a manual exploration?

 

A. You can fill in any gaps in the testing.

B. The load on servers is reduced.

C. The total amount of scanning is lowered.

D. Important forms are targeted first.
Question: 38

Which two selections exemplify good practices for security scans using Security AppScan Standard?
(Please select ALL that apply)

 

A. Break the scans of large applications into logical pieces.

B. Initiate a complete test policy quickly in order to start resolving issues.

C. Run an initial complicated scan in order to establish an internal process.

D. Start out with a simple test policy, such as Developer Essentials.
Question: 39

You want to test a web application that saves information into a database.
Which outcome will occur if you run Security AppScan Standard on this application?

 


A. The database will contain inaccurate data after the test.

B. The application will experience a denial of service.

C. Other groups will not be able to test the application.

D. Many emails will be sent from the application.
Question: 40

What is a way to prevent SQL Injection Flaw attacks?

 

A. Ensure that all connections making requests to the database are using administrator level privileges.

B. Never use stored procedures that define the SQL code within the database itself.

C. Use strongly typed parameterized query APIs with placeholder substitution markers.

D. Always use highly defined error messages to notify users concerning SQL errors.
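
The defect in Question 8 and the remedy in option C of Question 40, side by side against an in-memory SQLite database. This is an added example and not part of the original page; the users table, its rows and the payload are constructed, and the ? placeholder syntax is that of Python's sqlite3 module.

```python
"""SQL injection: a string-built query next to its parameterized replacement.

Added example, not part of the original page.  The table and rows are
constructed in an in-memory SQLite database; the sqlite3 placeholder
syntax (?) is the driver's standard parameter marker.
"""
import sqlite3

# Constructed payload: closes the quoted string, then appends an always-true term.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Create and populate an in-memory database with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Builds the statement by string formatting, so the input becomes SQL.
    With PAYLOAD the statement reads:
        SELECT ... WHERE username = '' OR '1'='1'
    and every row comes back."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Placeholder plus bound parameter: the driver passes the input as data,
    so quotes and keywords inside it are never parsed as SQL.  The same
    PAYLOAD now matches no user, because no username is literally that string."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable with payload:", find_user_vulnerable(conn, PAYLOAD))  # 3 rows
    print("parameterized with payload:", find_user_safe(conn, PAYLOAD))     # []
    print("parameterized, normal input:", find_user_safe(conn, "alice"))
```

Parameterization is the primary control; the other options in Question 40 describe the opposite of good practice. Running the application's queries under a least-privilege database account and returning generic error messages limit what an injection that does slip through can read or reveal, but they do not prevent it.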
Question: 41

What is the simplest method of terminating a hijacked web session?

 

A. combining the source IP address of the user with the session ID

B. forcing re-authentication for users who are currently logged on

C. restricting users to a defined number of login attempts

D. inserting an unpredictable token into each HTTP request
Question: 42

You have been hired by an online retailer to strengthen the security of their online retail system. You want to protect all application components from cross-site scripting. Which step would help protect them from this type of attack?

 

A. Any data that does not match a set of tightly constrained known good values should be rejected.

B. Users of the website should be encouraged to only use Internet Explorer as their web browser.

C. Website applications should always verify authorization to referenced objects.

D. Configure and enforce strong password recovery mechanisms for authorized users.
Question: 43

Which two selections define established ways to combat session hijacking?
(Please select ALL that apply)

 

A. displaying a session ID within a URL instead of using a cookie

B. combining the IP address of a user with the session ID

C. enforcing the use of modern Web browsers that automatically detect character encoding

D. enforcing re-authentication before allowing any changes to key account details
Question: 44

What is an example of a Positive Security Model to combat cross-site scripting?

 

A. By default, everything is considered "normal" and accepted traffic.

B. Use a mapping value rather than the actual URL as destination parameters.

C. A whitelist model denies everything that is not specifically allowed.

D. Blacklisted items are flagged as attack items.
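
Option A of Question 42 and option C of Question 44 describe the same thing: a positive (allowlist) model that defines what valid input looks like and rejects the rest. The added example below, which is not part of the original page, puts that next to a denylist filter and shows why the denylist is the weaker choice, then adds the output encoding that is needed regardless. The field rule, the template and the two attack strings are constructed; html.escape is the standard-library encoder.

```python
"""Positive (allowlist) validation and output encoding against XSS, next to a
denylist filter that a second payload walks straight past.

Added example, not part of the original page.  The username rule, the
template and the payloads are constructed.
"""
import html
import re

# Positive model: state what a username IS; everything else is rejected.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

# Negative model: try to enumerate what is bad (here, only <script> blocks).
SCRIPT_TAG_RE = re.compile(r"<\s*script[^>]*>.*?<\s*/\s*script\s*>", re.IGNORECASE | re.DOTALL)

# Constructed attack strings.
SCRIPT_PAYLOAD = "<script>alert(1)</script>"
IMG_PAYLOAD = '<img src=x onerror="alert(1)">'


def is_allowed_username(value):
    """Allowlist check: True only for values of the known-good shape."""
    return USERNAME_RE.fullmatch(value) is not None


def denylist_filter(value):
    """Strip <script>...</script>.  Anything the pattern does not name passes,
    which is why IMG_PAYLOAD comes through untouched."""
    return SCRIPT_TAG_RE.sub("", value)


def render_greeting_vulnerable(display_name):
    """Interpolates untrusted text straight into HTML."""
    return f"<p>Hello, {display_name}</p>"


def render_greeting(display_name):
    """Encodes for the HTML text context, so markup in the input is displayed,
    not executed.  Do this even for values that passed validation elsewhere."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, IMG_PAYLOAD):
        print("allowlist accepts:", is_allowed_username(payload))
        print("denylist leaves:  ", repr(denylist_filter(payload)))
        print("encoded output:   ", render_greeting(payload))
```

Validation and encoding answer different questions. The allowlist decides whether the value is acceptable at all; encoding makes sure that whatever is stored is rendered as text in the context it lands in (the HTML text context here; attribute, JavaScript and URL contexts each need their own encoder). The denylist fails because the set of strings a browser will execute is open-ended and the filter only knows the ones it was told about.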
Question: 46

Select two components that are located within the client tier of a multi-tier Web application.
(Please select ALL that apply)

 

A. HTML Presentation

B. MySQL

C. JavaScript

D. Perl scripts
Question: 47

You are a web developer for an online retailer. You create a new web application that allows customers to purchase items sold by the retailer. The traffic between a customer's computer and your web application is encrypted with SSL (HTTPS). Which statement is true, based on this scenario?

 

A. SSL will prevent SQL Injection.

B. Port 443 will protect the web application.

C. Remote execution is blocked.

D. Data is protected between the site and user.
Question: 48

You are currently using various security testing techniques for a web application security assessment concerning your company's online retail site. What is a characteristic of Black Box Testing?

 

A. The test is conducted with little or no information about the target other than the starting domain.

B. It provides a much greater analysis of the target when compared to simulation or gray box testing.

C. It emulates the perspective of an external attacker who is making an attack on the web application.

D. Known details such as access credentials or architecture diagrams could assist the testing process.
Question: 49

You are using the Scan Configuration Wizard and need to configure the Login Management page. The two-step authentication on the site you are scanning requires human interaction for each login. Which login method should be used when human interaction is required for login?

 

A. automatic

B. prompt

C. recorded

D. none
Question: 50

You are using the Scan Configuration Wizard to create a Web application scan. You do not want your form page scanned as it could risk unnecessary emails being generated. How would you configure your scan in order to accomplish this?

 

A. Create an Exception, select "Regular Expression" and list the complete URL of the form page.

B. Create an Exclusion, select "Regular Expression" and list the complete URL of the form page.

C. Create an Exception, select "Full Path" and list the complete URL of the form page.

D. Create an Exclusion, select "Full Path" and list the complete URL of the form page.
Question: 51

You are reviewing the list of failed requests that resulted from the most recent AppScan that you conducted on your company's Web application. There are a number of "500 Internal Server Error" messages. What are two possible reasons for these error messages?
(Please select ALL that apply)

 

A. The scan indicates a connectivity error with the server.

B. The scan indicates unlicensed host server.

C. Invalid data is in the input fields.

D. A programming error has occurred.
Question: 52

You are using the Scan Configuration Wizard to create a scan. Which test policy will specifically test the Web server and its operating system?

 

A. infrastructure

B. application

C. noninvasive

D. invasive
Question: 53

Which two statements are true concerning the Result Expert processing phase?
(Please select ALL that apply)

 

A. It is run automatically after a full scan is complete.

B. The user is prompted to run it when issues of high security level are identified in the initial scan.

C. Processed scan results are added to the Information tab of the Details pane.

D. It must be run for any pages that filtered out during the Explore stage.
Question: 54

You are using the Scan Configuration Wizard to create a Web application scan. You have a starting URL of https://www.acme.com. You also have https://www.dilfordcorp.com listed in the additional servers and domains section. At the completion of the scan you find that www.dilfordcorp.com has not been included in the scan. What caused the missing listing?

 

A. The "Case Sensitive Path" option has been selected.

B. Scans can only be configured using HTTPS, as HTTP is not supported.

C. The "Scan only links in and below this directory" option has been selected.

D. The Automatic Explore mode is in Depth First mode.
Question: 55

You have reviewed the results of a recent AppScan that you ran for your company's Web application. You want to retest a number of issues over again, and compare the new data with the original scan results. How will the retest affect the data from the initial scan?

 

A. Both sets of data will be automatically assigned different file names.

B. The old data will be deleted automatically.

C. The old data will be appended with the new data results.

D. The old data will be automatically archived to the central store.
Question: 56

When AppScan Standard receives a response that might indicate a security vulnerability, which three actions will it perform automatically? (Choose three.)
(Please select ALL that apply)

 

A. rebuilds the application

B. creates a test (or tests) based on the response

C. notes the level of security risk involved

D. fixes the security risk involved

E. notes the validation rules needed to determine which results constitute vulnerability
Question: 57

What are three ways that Malware can be introduced into web applications? (Choose three.)
(Please select ALL that apply)

 

A. through websites while people browse

B. through emails

C. through downloaded content

D. through IBM AppScan

E. through compiling the web application
Question: 58

The "Fix Recommendation" tab contains fix recommendations for which three types of vulnerabilities? (Choose three.)
(Please select ALL that apply)

 

A. coding standard violations

B. PHP vulnerabilities

C. Infrastructure vulnerabilities

D. ASP .NET vulnerabilities

E. Java Platform vulnerabilities
Question: 59

After testing a web application, you have many concerns. You want to rerun the entire scan. You want to ensure that the previously-gathered explore details are retained. Which re-scan option will accomplish this goal?


A. Manual Explore

B. Re-Test

C. Re-Scan (full)

D. Re-Explore
Question: 60

What is another term for Dynamic Application Security Testing (DAST)?


A. glass box testing

B. gray box testing

C. white box testing

D. black box testing

 
