
IBM 000-139

000-139 AppScan Standard Edition


Practice Test
Version 1.0
IBM 000-139: Practice Exam
QUESTION NO: 1

Which type of vulnerability can occur when a developer exposes a reference to an internal
implementation object, such as a file, directory, database record, or key, as a URL or form
parameter?

A. Cross-site Scripting
B. Insecure Direct Object Reference
C. Injection Flaw
D. Cross Site Request Forgery

Answer: B

QUESTION NO: 2

After 30 minutes your scan stops with an out-of-session error. What is a possible cause of this
error?

A. Redundant path limit was too low.
B. A parameter was not tracked.
C. Flash parsing was turned off.
D. Platform authentication was not configured.

Answer: B

QUESTION NO: 3

AppScan sent the following test HTTP request:

GET /web/content/index.php?file=/../../../../../../../../etc/passwd%00 HTTP/1.0
Cookie: JSESSIONID=dqt0LSnfhdVyTJkCwTwfLQQSkTTGYX9D79tLLpT1yLQjVhSpZKP9!914376523; customerLanguage=en
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: www.ibm.com
Although there is no indication in the response of the existence of a password file, AppScan
reported a vulnerability with the following reasoning:
Global Validation found an embedded script in the response (<script>alert(25053)</script>), which
was probably injected by a previous test.

"Pass Any Exam. Any Time." - www.actualtests.com 2
The presence of this script in the site suggests that the application is vulnerable to which type of
attack?

A. Stored Cross-site Scripting
B. Cross-site Scripting
C. Namazu Path Traversal
D. Directory Listing

Answer: A

QUESTION NO: 4

What information does difference displayed in the Request / Response tab provide?

A. the difference between two tests
B. how the vulnerability was resolved
C. how AppScan constructed the test HTTP request
D. how the Web application page has been modified from its previous version

Answer: C

QUESTION NO: 5

You are scanning a Web site in a pre-production environment. You notice that your scan is
running very slowly and there are numerous communication errors. What would you do to resolve
the problem?

A. increase the number of threads and decrease the timeout limit
B. decrease the number of threads and increase the timeout limit
C. increase the number of threads and increase the timeout limit
D. set the timeout to 0 for infinite timeout

Answer: B

QUESTION NO: 6

Which type of vulnerability allows an attacker to execute a malicious script in a user browser?

A. Cross-site Scripting
B. Injection Flaw
C. Insecure Direct Object Reference
D. Failure to restrict URL access

Answer: A

QUESTION NO: 7

Which statement is true about infrastructure vulnerabilities?

A. They are caused by insecure coding and are fixed by modifying the application code.
B. They are detected using application security scanners and exist in the Web application.
C. They are known vulnerabilities and are fixed by modifying the application code.
D. They exist in third-party components and are fixed by applying security patches.

Answer: D

QUESTION NO: 8

What does secure session management require?

A. session tokens that are given long lifetimes
B. session tokens that are invalidated when the user logs out
C. session tokens that are persistent
D. session tokens that are numeric

Answer: B

QUESTION NO: 9

Your site contains the following URL:

http://www.mycompany.com/smb/default.jsp?page=wireless&productID=65343
In this URL, the page parameter defines a unique page and the productID parameter defines a
different product page, based on a template.
How would you configure AppScan to thoroughly explore this site while avoiding redundant URLs?
(Choose two.)

A. ensure JavaScript Execute is turned on
B. ignore the page parameter
C. turn off Redundant Path limit
D. track the page parameter
E. track the productID parameter
F. ignore the productID parameter

Answer: C,F

QUESTION NO: 10

You are scanning a Web application in a pre-production environment. During your initial
assessment, you notice that some of the links are specified by IP and some by host name. Your
starting URL contains an IP address, http://12.34.56.67/default.jsp. When the scan completes, you
discover that it has not covered a significant portion of your Web application. What could be the
reason?

A. The host name is not added to the list of additional domains and servers.
B. The scan is configured to use only one connection.
C. There is no route to IP 12.34.56.67.
D. You are not licensed to scan IP 12.34.56.67.

Answer: A
QUESTION NO: 11

You expect your scan to cover around 500 pages, but instead it covers 55. What are three
possible reasons for this? (Choose three.)

A. You chose the wrong test policy.
B. The login failed.
C. You specified only one connection.

D. JavaScript Execution was not enabled.
E. The redundant path limit was set too low.

Answer: B,D,E

QUESTION NO: 12

Which lines in an HTTP response would trigger a positive result from an AppScan test for a
vulnerability of type Possible Server Path Disclosure Pattern Found?

A. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
B. <!--#include file="file.htm"-->
C. d:\backup\website\oldfiles
D. ./images/header/ibm/logoBigBlue.jpg

Answer: C

QUESTION NO: 13

Which Web application operation indicates that the application may be vulnerable to Cross-site
Request Forgery?

A. GET transferfunds.aspx?sacct=3434&dacct=56745&formtoken=YUR345
B. GET sendemail.aspx?address=jsmith@dfg.com&subject=hello&content=
C. GET search.aspx?text=personal banking
D. GET login.aspx

Answer: B

QUESTION NO: 14

How does in-session detection work?

A. checks if the in-session pattern is present in every test response you receive from the site
B. pings the application every 5 seconds and verifies the connection
C. sends the in-session detection request every 5 seconds and verifies that the in-session pattern
exists

D. updates the session token values to ensure that the user is still logged in

Answer: C

QUESTION NO: 15

Which three steps should you take before running a security scan with AppScan? (Choose three.)

A. notify application users
B. notify IT and Web Operations teams
C. backup your database
D. disable employed SMTP server
E. ensure only one thread is specified in the AppScan configuration
F. ensure that you have specified which reports you want to create

Answer: B,C,D

QUESTION NO: 16

Which statement is true about network firewalls preventing Web application attacks?

A. Network firewalls cannot prevent attacks because ports 80 and 443 must be open.
B. If configured properly, network firewalls can prevent attacks.
C. Network firewalls cannot prevent attacks because they are too complex to configure.
D. Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

Answer: A

QUESTION NO: 17

Which username/passwords combination would NOT be reported as predictable by AppScan?

A. admin/admin
B. johnr/Na2acrA
C. user1/password
D. johnr/nascar

Answer: B

QUESTION NO: 18

When would you set up a multi-step operation in AppScan?

A. when your application requires specific user input
B. when your application requires JavaScript execution
C. when your application requires a specific flow
D. when your application has two-factor authentication

Answer: C

QUESTION NO: 19

What does a Cross-site Scripting vulnerability allow an attacker to do?

A. execute a malicious script on the Web server
B. change the Web server configuration
C. steal a user's session tokens
D. drop database tables

Answer: C

QUESTION NO: 20

AppScan belongs to which category of vulnerability assessment tools?

A. Host Scanners
B. Network Scanners
C. Black-Box Scanners
D. White-Box Scanners

Answer: C

QUESTION NO: 21

What are two reasons why it is recommended that a Web application be scanned in a
pre-production environment? (Choose two.)

A. to avoid having to notify the application owner
B. to improve scan performance
C. to avoid service interruption
D. to obtain more accurate results
E. to avoid corruption of the production database

Answer: C,E

QUESTION NO: 22

What is indicative of Information Leakage vulnerability?

A. When the user logs in, "hello, username!" is displayed.
B. The exception call stack is displayed.
C. The message "incorrect username or password!" is displayed.
D. The message "script error: Please contact the Web site administrator!" is displayed.

Answer: B

QUESTION NO: 23

In the AppScan Application Data view, what can help you determine if your application was fully
explored? (Choose two.)

A. Visited URLs
B. JavaScripts
C. Cookies
D. Broken links

Answer: A,D

QUESTION NO: 24

AppScan received the following test response:

An Error Has Occurred
Summary:
Syntax error in string in query expression 'userid = ''. Error Message:
System.Data.OleDb.OleDbException: Syntax error in string in query expression 'userid = ''. at
System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS
dbParams, Object executeResult) at ?
Which type of vulnerability does this error message indicate?

A. SQL Injection
B. Blind SQL Injection
C. XSS
D. Possible Server Path Disclosure Found

Answer: A

QUESTION NO: 25

When can an injection type attack occur?

A. when the database is set up on a server outside the demilitarized zone
B. when an error message is generated by the Web server
C. when user-supplied data is sent to an interpreter as part of a command, query, or data
D. when too many users have ADMIN credentials to the Web server console

Answer: C

QUESTION NO: 26

Which statement is true about application-specific vulnerabilities?

A. They exist in third-party components and are fixed by applying security patches.
B. They are caused by insecure coding and are fixed by modifying the application code.
C. They are detected using application security scanners and exist in third-party components.
D. They are known vulnerabilities and are fixed by modifying the application code.

Answer: B

QUESTION NO: 27

What are the implications of Malicious File Execution vulnerabilities?

A. user impersonation and authentication bypass
B. authentication bypass and site defacement
C. site defacement and complete takeover of the application
D. complete takeover of the application and user impersonation

Answer: C

QUESTION NO: 28
Where can you find details about a test AppScan executed during a scan?

A. in the Application Data view
B. in the Request/Response view

C. in the Original HTTP Traffic view
D. in the Fix Recommendation view

Answer: B

QUESTION NO: 29

If the URL to your home page is http://domain.com and it redirects to http://www.domain.com,
how would you configure your scan?

A. do not do anything
B. configure the AppScan proxy settings
C. add www.domain.com to the list of additional domains
D. edit your DNS settings

Answer: C

QUESTION NO: 30

Which type of vulnerability allows an attacker to browse files that shouldn't be accessible (e.g.
*.bak, "Copy of", *.inc, etc.) or pages restricted for users with higher privileges?

A. Insecure Cryptographic Storage
B. Injection Flaw
C. Failure to Restrict URL Access
D. Insecure Communication

Answer: C

QUESTION NO: 31

Which HTTP response codes trigger Application Error vulnerabilities?

A. 500
B. 302
C. 403
D. 200

Answer: A

QUESTION NO: 32

AppScan reported a large number of hidden files, which you know do not exist on your Web server.
What is the likely cause?

A. You did not define a custom error page.
B. AppScan created all these files on the server.
C. You did not exclude third-party domains.
D. Somebody put the files on the server.

Answer: A

QUESTION NO: 33

How does an attacker exploit Web application vulnerabilities?

A. by hacking the firewall
B. by installing viruses on a user's machine
C. by sending malicious HTTP requests
D. by sniffing the traffic between a user and the Web server

Answer: C

QUESTION NO: 34

Which AppScan report type relates to the Sarbanes-Oxley Act, HIPAA and FISMA?

A. Compliance
B. WASC Threat Classification
C. OWASP Top 10
D. Delta Analysis

Answer: A

QUESTION NO: 35
An AppScan test successfully embedded the following lines in an HTTP response header (in bold
in the original: the two AppScan header lines):

HTTP/1.1 200 OK
Content-Length: 5710
Connection: close
Date: Wed, 07 May 2008 19:36:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: lang=Foobar
AppScanHeader: AppScanValue/1.2-3
SecondAppScanHeader: whatever; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8

Which type of vulnerability does this indicate?

A. Cross-site Scripting
B. XPath Injection
C. HTTP Response Splitting
D. SQL Injection

Answer: C

QUESTION NO: 36

How can an attacker use the information gained by an SQL debug message?

A. steal sensitive information from other users
B. run scripts on other users' browsers
C. alter the communication protocol used by the site
D. can potentially understand the query's structure

Answer: D

QUESTION NO: 37
Which type of parameters does AppScan manipulate when testing a .Net Web Service?

A. JSON parameters

B. All custom parameters
C. SOAP parameters
D. POST parameters

Answer: C

QUESTION NO: 38

AppScan identified a Blind SQL Injection vulnerability in your Web application by sending three
requests, all of which modify the searchText parameter in the following way:

HTTP request 1: 1234 and 'foobar'='foobar'
HTTP request 2: 1234 and 'boofar'='foobar'
HTTP request 3: 1234 or 'barfoo'='foobar'

Upon reviewing the three responses, you notice that response 1 and response 3 are identical and
response 2 only differs in the fact that the date and time on the page changed (i.e. 23:59 Dec 31,
2008 to 00:01 Jan 1, 2009).
What do you conclude from this information?

A. This is a false positive.
B. This is an actual vulnerability.
C. No conclusions can be made, given the information provided.
D. AppScan failed to log in.

Answer: A

QUESTION NO: 39

After scanning your site with AppScan, you notice that your password was changed to 234. What
most likely happened?

A. One of the AppScan tests hacked your account and changed the password.
B. AppScan followed the Reset Password link.
C. AppScan submitted the change password form.

D. Your system admin changed your password during the scan.

Answer: C

QUESTION NO: 40

What is the problem with the following in-session pattern? "Good morning, John!"

A. The pattern does not match the session token pattern.

C. This in-session pattern can be changed in the scan configuration.
D. Multiple threads can parse this string incorrectly.

Answer: B

QUESTION NO: 41

Your site contains the following URL:

http://www.mycompany.com/smb/default.jsp?page=wireless

In this URL, the Page parameter defines a unique page.

How would you configure AppScan to fully explore this site?

A. turn off Redundant Path limit
B. ensure JavaScript Execute is turned on
C. ignore the Page parameter
D. track the Page parameter

Answer: A

QUESTION NO: 42

How do you test a Web service with AppScan?

A. interact with the Web service methods manually and then run AppScan to send the generated
tests automatically
B. explore the Web service automatically and then manually send the generated tests one by
one
C. create a Python script for testing the service
D. explore the Web service automatically and then run AppScan to send the generated tests
automatically

Answer: A

QUESTION NO: 43

In which three areas does AppScan test for vulnerabilities?

A. the network layer, the web application, the web server
B. the operating system, the web application platform, the database

C. the web application, the web server, the web application platform
D. the web application platform, the network layer, the web server

Answer: C

QUESTION NO: 44

To construct a test, AppScan changed an HTTP request by removing the File and First_name
parameters and changing the value of the Email_address parameter to
"><script>alert(23443)</script>">
Which type of vulnerability is AppScan testing for?

A. SQL Injection
B. XPath Injection
C. Cross-site Scripting
D. Possible Server Path Disclosure Found

Answer: C

QUESTION NO: 45

Which three actions should you take if your application requires form-based authentication?
(Choose three.)

A. record a login sequence
B. configure platform authentication
C. configure client-side certificates
D. ensure that in-session detection is enabled and properly configured
E. ensure that all session tokens are being tracked
F. reduce the number of threads to one

Answer: A,D,E
QUESTION NO: 46

What information does reasoning displayed in the Request / Response tab provide?

A. how to avoid this type of issue
B. why AppScan concluded that there is an issue
C. how AppScan constructed the test

D. why this issue causes non-compliance

Answer: B

QUESTION NO: 47

How does AppScan test a Web application?

A. by sniffing network traffic
B. by scanning the Web server host machine
C. by performing a port scan
D. by sending HTTP requests

Answer: D

QUESTION NO: 48

What happens when AppScan generates an Industry Standard report?

A. It generates and executes industry-specific tests.
B. It maps the discovered vulnerabilities to a set of industry-specific checkpoints.
C. It provides industry-specific advisories.
D. It applies an industry-specific test policy.

Answer: B

QUESTION NO: 49

Which defense is most reliable in protecting a Web application from being hacked?

A. set up an application firewall
B. use SSL encryption
C. set up an Intrusion Detection System
D. write secure code
Answer: D

QUESTION NO: 50

You notice that when you run your scan, your login account gets locked out. How can you resolve
the issue?

A. disable tests on your login and logout pages
B. disable JavaScript execute

C. reduce the number of threads
D. increase the timeout limit

Answer: A

QUESTION NO: 51

Directories containing sensitive files must be hidden from the user. What is the best way to hide
the existence and content of such a directory?

A. configure your Web server to issue a response: 403 - Access forbidden
B. configure your Web server to issue a response: 302 - Redirect to home
C. list the directory contents
D. configure your Web server to issue a response: 404 - Not Found

Answer: D

QUESTION NO: 52

Why is it important to encrypt the HTTP traffic for an authenticated connection between a client
and Web server?

A. to prevent SQL injection
B. to prevent sensitive information from being stolen
C. to prevent Cross-site Scripting
D. to prevent Web site defacement

Answer: B
