Question 1. Which type of vulnerability can occur when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter?
A. Cross-site Scripting
B. Insecure Direct Object Reference
C. Injection Flaw
D. Cross Site Request Forgery
Answer: B

Question 2. After 30 minutes your scan stops with an out-of-session error. What is a possible cause of this error?
A. Redundant path limit was too low.
B. A parameter was not tracked.
C. Flash parsing was turned off.
D. Platform authentication was not configured.
Answer: B

Question 3. AppScan sent the following test HTTP request:

GET /web/content/index.php?file=/../../../../../../../../etc/passwd%00 HTTP/1.0
Cookie: JSESSIONID=dqt0LSnfhdVyTJkCwTwfLQQSkTTGYX9D79tLLpT1yLQjVhSpZKP9!914376523; customerLanguage=en
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: www.ibm.com

Although there is no indication in the response about the existence of a password file, AppScan reported a vulnerability with the following reasoning: Global Validation found an embedded script in the response (), which was probably injected by a previous test. The presence of this script in the site suggests that the application is vulnerable to which type of attack?
A. Stored Cross-site Scripting
B. Cross-site Scripting
C. Namazu Path Traversal
D. Directory Listing
Answer: A

Question 4. What information does the difference displayed in the Request / Response tab provide?
A. the difference between two tests
B. how the vulnerability was resolved
C. how AppScan constructed the test HTTP request
D. how the Web application page has been modified from its previous version
Answer: C

Question 5. You are scanning a Web site in a pre-production environment. You notice that your scan is running very slowly and there are numerous communication errors. What would you do to resolve the problem?
A. increase the number of threads and decrease the timeout limit
B. decrease the number of threads and increase the timeout limit
C. increase the number of threads and increase the timeout limit
D. set the timeout to 0 for infinite timeout
Answer: B

Question 6. Which type of vulnerability allows an attacker to execute a malicious script in a user's browser?
A. Cross-site Scripting
B. Injection Flaw
C. Insecure Direct Object Reference
D. Failure to restrict URL access
Answer: A

Question 7. Which statement is true about infrastructure vulnerabilities?
A. They are caused by insecure coding and are fixed by modifying the application code.
B. They are detected using application security scanners and exist in the Web application.
C. They are known vulnerabilities and are fixed by modifying the application code.
D. They exist in third-party components and are fixed by applying security patches.
Answer: D

Question 8. What does secure session management require?
A. session tokens that are given long lifetimes
B. session tokens that are invalidated when the user logs out
C. session tokens that are persistent
D. session tokens that are numeric
Answer: B

Question 9. Your site contains the following URL: http://www.mycompany.com/smb/default.jsp?page=wireless productID=65343. In this URL, the page parameter defines a unique page and the productID parameter defines a different product page, based on a template. How would you configure AppScan to thoroughly explore this site while avoiding redundant URLs? (Choose two.)
A. ensure JavaScript Execute is turned on
B. ignore the page parameter
C. turn off Redundant Path limit
D. track the page parameter
E. track the productID parameter
F. ignore the productID parameter
Answer: C, F

Question 10. You are scanning a Web application in a pre-production environment. During your initial assessment, you notice that some of the links are specified by IP and some by host name. Your starting URL contains an IP address, http://12.34.56.67/default.jsp. When the scan completes, you discover that it has not covered a significant portion of your Web application. What could be the reason?
A. The host name is not added to the list of additional domains and servers.
B. The scan is configured to use only one connection.
C. There is no route to IP 12.34.56.67.
D. You are not licensed to scan IP 12.34.56.67.
Answer: A

Question 1. Which statements are true about the HP StorageWorks Command View XP Advanced Edition CLI? (Select two.)
A. CLI cannot be used for license management.
B. Input can be single line entries or scripted batch files.
C. CLI is a separately licensed product with the XP24000.
D. When installed, the CLI is executed from the SVP in the array.
E. CLI is used if a text-based interface is preferred over the GUI or when it is more efficient to run scripts or batch files to manage XP disk arrays.
Answer: B, E

Question 2. Where does the HP StorageWorks Command View XP Advanced Edition management server store configuration and statistics information?
A. out on the individual host agents
B. in shared memory of the XP array
C. on the SVPs of each array subsystem
D. in a local database on the management server
Answer: D

Question 3. When must a customer use HP StorageWorks Command View XP Advanced Edition over Remote Web Console XP?
A. simple LUN management
B. CLI based array management
C. Business Copy XP management
D. centralized management of multiple XP arrays
Answer: D

Question 4. A customer wants to manage their storage environment using HP Storage Essentials. Which XP device software tool is required to allow HP Storage Essentials to manage an XP24000 array?
A. External Storage XP
B. Remote Web Console XP
C. LUN Configuration and Security Manager XP
D. A separate software license is not required, as the capability is included in HP Storage Essentials
Answer: D

Question 5. Which additional features are added by HP StorageWorks Command View XP Advanced Edition over Remote Web Console XP? (Select three.)
A. array administration
B. SNMP trap forwarding
C. single sign-on user authentication
D. logical grouping of storage capacity
E. assignment of cache LUNs to hosts
F. displaying host specific device information
Answer: C, D, F

Question 6. Which features offered through HP StorageWorks Command View XP Advanced Edition are not available with Remote Web Console XP? (Select two.)
A. reporting
B. cache partitioning
C. SNMP trap forwarding
D. TSM and Replication Monitor
E. automation of BC/CA HORCM file creation
Answer: A, E

Question 7. A customer wants to use the copy pair operations feature of HP StorageWorks Command View XP Advanced Edition. What is required? (Select two.)
A. a host agent
B. RAID Manager XP
C. an external database
D. at least 32GB of cache
Answer: A, B

Question 8. Which XP array component transfers data between disk drives and cache memory?
A. Disk Adapter (DKA)
B. Shared Memory PCB
C. Channel Adapter (CHA)
D. Service Processor (SVP)
Answer: A

Question 9. A customer has a heterogeneous environment consisting of AIX and Solaris servers. Which software products can be used to implement an extended application failover solution? (Select two.)
A. Metro Cluster
B. ServiceGuard
C. Cluster Extension XP
D. Continuous Access XP
E. LUN Security XP Extension
Answer: C, D

Question 10. What is the back-end architecture of the XP24000?
A. Ultra SCSI
B. Serial ATA
C. FC-AL 4Gb
D. FC-SW 2Gb
Answer: C

Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.