Single Selection

1. What file is used to change the SCA working directory?

a. fortify-sca.properties
b. fortify.properties
c. sca.properties
d. fortify.conf
2. What is correct structure of a SCA command when using a compiler?
a. Sourceanalyzer -b <BuildID> <sourceanalyzer options> <compiler><compiler options>
b. Sourceanalyzer -b <BuildID><compiler><sourceanalyzer options><compiler options>
c. Sourceanalyzer -b <BuildID><sourceanalyzer options>
d. Sourceanalyzer -b <sourceanalyzer options>
3. What Linux command will help you to locate the ssc.log on a linux server?
a. Find ssc.log
b. Find -name ssc.log
c. Find -n ssc.log
d. Find -log ssc.log
4. What SSL protocol does LIM needs to be able to activate:
a. SSLv2
b. TLS 1.0
c. SSLv3
d. TLS 1.1
5. The user running the WIE sensor process must be:
a. Local admin account
b. Network service account
c. Network admin account
d. System account
6. In which file you can setup the proxy to update your rulepacks
a. Server.properties
b. Fortify.proxy
c. Server.sca.properties
d. Ruletemplates.properties
7. Will a WIE standalone server be able to connect to SSC?
a. Yes
b. No
8. Can you reconnect a WIE server who was previously connected to SSC back once you detach it?
a. No
b. Yes
9. How to change SSC back to “Maintenance mode” manually?
a. Change the “maintenance.mode” to true on the .fortify\ssc\conf\version.properties
file
b. There is no way to enable Maintenance mode manually
c. Change the “mode.maintenance” to true on the .fortify\ssc\conf\version.properties
d. Change the “maintenance.mode” to false on the .fortify\ssc\conf\version.properties file
10. When multiple “Nighly” processes are found, and they are not being killed, what is the common
root cause:
a. Incorrect WI installation
b. Is normal to find multiple “Nightly” processes and normal they not to be killed/
terminated
c. An antivirus might be not allowing the system to terminate the “Nightly” processes
d. The processes will be terminated automatically after the scan finishes
11. If there an issue with AA, what log would you request?
a. SSC.log
b. Ssc_seeding.log
c. Ssc_auditassistant.log
d. Ssc_install.log
12. What port is used by WI to communicate with SQLServer Express or SQL Server
a. 1521
b. 1433
c. 8080
d. 1430
13. Does WebInspect Enterprise requires scan database limit?
a. Yes
b. No
14. What .Net Framework does WI 20.0.1 needs to be installed
a. .NetFramework 4.8
b. .NetFramework 4.6
c. .NetFramework 4.2
d. .NetFramework 4.5
15. What is the default SSC database collation?
a. SQL_Latin1_General_CP1_CS_AI
b. SQL_Latin1_General_CP1_CS_AS
c. SQL_Latin1_General_CP1_CI_AI
d. Latin1_General_CP1_CS_AS
16. When making SSC a secure site, where would you deploy the certificate?
a. JRE keystore
b. Tomcat keystore
c. SSC keystore
d. Windows keystore
17. What permission does the SSC user created to connect to WIE has to have:
a. Admin role
b. Security Auditor role
c. WebInspect Enterprise role
d. View role
18. What would Scan Central main configuration look like:
a. SSC server- Scan Central Controller-Sensor(s)
b. WIE-Scan Central Controller-Sensor
c. SSC Server – Jenkins-Sensor
 d. SSC Server-Sensor
19. What is the main compiler used for .Net language since SCA 19.10?
a. MSBuild
b. Devenv
c. Javac
d. GCC
20. If a site is HTTPS, but when recording the login if fails a possible issue might be related to:
a. Site certificate needs to be added to the WI macro engine
b. Need to add the certificate to the Windows store
c. Site certificate need to be added to the WI browser
d. Install the certificate on the WI store

Multiple Selection

1. If you want to create a copy of an existing Application Version, what options can you follow:
a. Create a new version selecting “Application State” option
b. Download a FPR from Artifacts using the “Application and Source” button
c. Create a new application version and manually copy/ pasting the vulnerabilities found
d. Create a query and asking the DBA to run it
2. When installing SSC on a SQL Server, there are two requisites related to it:
a. ALLOW_SNAPSHOT_ISOLATION should be enabled
b. READ_COMMITTED_SNAPSHOT should be on
c. READ_COMMITTED_SNAPSHOT should be off
d. ALLOW_SNAPSHOT_ISOLATION should be off
3. Name two reasons why “Interactive Scan” configuration should be selected:
a. CAPTCHA
b. SPA pages
c. 2FA
d. HIPS
4. When using the SCA Visual Studio 2019 plug in on Windows 10 with .Net Framework 4.8, there
is a known issue related to vulnerabilities not showing up, what are the two possible
workarounds:
a. Downgrade to .NetFramework 4.7
b. Uncheck “Optimize rendering for screens with different pixel densities” on Visual
Studio 2019 under Options>Environment
c. Uninstall Visual Studio
d. Modify the Visual Studio configuration files
5. Name some of the general requirements to install WIE on a machine:
a. Windows Server
b. .net Framework
c. IIS
d. Sql Express
e. RHEL 7.x
6. Name some build tools supported by SCA:
a. Bamboo
 b. Jenkins
c. Conan
d. Dune
e. Maven
7. Name Single Sign-On versions supported by SSC:
a. SAML 2.0
b. SPNEGO/Kerberos
c. X.509
d. OpenID
8. Select what languages are supported by the CloudScan Sensor during translation
a. Ruby
b. JavaScript
c. Go
d. Cobol
e. Scala
9. On WIE, when checking the Scan Queue it displays the following scan information for each scan
running or waiting to run:
a. Scan Name
b. Date and time the scan was request was created
c. Scan Status
d. Scan IP address
e. Scan expected time to be executed
10. When launching a scan with WI there are some tools or pieces of software that might interfere
with the attacks, select 3:
a. WAF (Web Application Firewall)
b. Antivirus
c. Intrusion detection/ prevention systems
d. Proxy
11. What two options does WI has regarding DB support?
a. SQL Server
b. Oracle
c. MySQL
d. SQLExpress
12. What two parameters would add libraries or dependencies to translate commands
a. -cp
b. -libdirs
c. -libraries
d. -lib
13. What files would you request if a customer reports a problem while scanning a website
a. 00000-00000 folder logs
b. Scan results file (.scan)
c. Traffic monitor
d. Sensor logs
14. What are the two main components of ScanCentral:
 a. Controller
b. Client
c. sca
d. SCA
15. Name two methods you can use to upload FPRs to SSC?
a. REST API
b. Fortifyclient
c. FTP
d. Scauploadtolken
16. When WIE is integrated with SSC, the authentication and roles are managed by
a. Authentication is managed by SSC
b. Roles are determined by WIE
c. Roles are taken by SSC
d. Authentication is managed by WIE
17. Does SSC get connected to the following tools
a. Jenkins
b. TFS
c. Maven
d. Gradle
18. When using Maven or Gradle what files are used to determine the build
a. POM xml
b. Make file
c. Ant file
d. Gob.xml
19. SCA can get the following languages translated
a. .net Core
b. Python
c. Go
d. Ruby on Rails
e. Typescript
20. What are some of the steps to upgrade SSC?
a. Generate and run upgrade script on the SSC db
b. Delete ssc.war
c. Delete ssc folder
d. Uninstall SSC