Tag: security

Questions Related to security

Reviewing which detail gives the information that appscan completely covered all the urls of the application? Choose 3.
technology security

  1. Broken links

  2. Cookies

  3. Javascripts

  4. Visited URLs

Show answer
Correct Option: A,C,D

Out of 500 urls you see that appscan could visit only 55 urls. What do you think are the reasons? Choose 2 possible best answers
technology security

  1. Appscan could not login to your application

  2. Redundant path limit was set to 55

  3. Link limit was set to 500

  4. Additional servers and domains were not listed properly

Show answer
Correct Option: A,D

It’s advisable to run appscan in the preproduction environment. What do you think are the reasons? Select 2 answers.
technology security

  1. Don’t have to inform the application owner

  2. To prevent production database corruption

  3. To prevent user functionality disruption

  4. To reduce network traffic

Show answer
Correct Option: B,C

Before running a test its advisable to do the following. Select 3
technology security

  1. Inform the user population about the test

  2. Inform the QA and system administers about the test

  3. Backup the database

  4. Shut down the configured SMPT servers

Show answer
Correct Option: A,B,C

The ASAP process can applied at which phase of an application development for best results?
technology security

  1. During testing

  2. During development

  3. During all phases of development starting with requirement analysis and ending with rollout

  4. During design

Show answer
Correct Option: C

In the ASAP process what is the main activity carried out in the requirement analysis phase?
technology security

  1. Capture the customer requirements

  2. Update the project plan

  3. Capture and update the URS and SRS with security requirements for the project

  4. None of the above

Show answer
Correct Option: C

Who has the responsibility for remediation of the security vulnerabilities discovered during application security testing?
technology security

  1. ASAP Team

  2. Development Team

  3. Testing Team

  4. Project Management

Show answer
Correct Option: B

What are the different types of engagement models available for ASAP?
technology security

  1. Time and Money, Fixed price

  2. Offshore, Onshore, Offshore-Onshore

  3. Full-Fledged, Staggered, Fast Track

  4. None of the above

Show answer
Correct Option: C

As part of ASAP what type of analysis is performed during the design and build phase?

technology security

  1. Dynamic code analysis

  2. Static code analysis

  3. Both

  4. None

Show answer
Correct Option: B

What type of testing is done by ASAP team during the testing and rollout phase?

technology security

  1. Integration testing

  2. System testing

  3. Penetration testing

  4. Unit testing

Show answer
Correct Option: C