Number of questions: 53
Time allowed in minutes: 90
Required passing score: 62%
Languages: English, French, Latin American Spanish, Portuguese (Brazil)
IBM Certified Associate Analyst – Security AppScan SAST Source V9.0.1
The test consists of eight sections containing a total of approximately 60 multiple-choice questions. The percentages after each section title reflect the approximate distribution of the total question set across the sections.
Section 1 – Key Concepts of AppScan SAST V9.0.1 (8%)
Describe static analysis.
Compare dynamic vs static testing.
Describe basic requirements to run a scan.
Section 2 – AppScan SAST V9.0.1 Components (10%)
Describe the AppScan server.
Describe AppScan clients.
Describe the AppScan Enterprise server.
Section 3 – Views and Perspectives (15%)
Describe main perspectives (tabs).
Describe views of configuration perspective.
Describe views of analysis perspective.
Describe views of triage perspective.
Section 4 – Scanning Methodology and Vulnerability Analysis (12%)
Describe data flow, sources, and sink.
Describe how method signatures in code are tagged/marked up.
Describe the phases of a code scan.
Describe supported technologies.
Describe the limitations of SAST.
Section 5 – Basics of Application Security (12%)
Describe the need for static code analysis.
Describe common vulnerability types.
Describe basic concept of input validation.
Section 6 – Scan Configuration and Application Preferences (15%)
Describe application onboarding.
Describe the application and project properties.
Describe different scan configuration templates.
Describe source file exclusions.
Section 7 – Triage Results / Issue Management and Reporting (20%)
Identify key or necessary triage tasks for SAST.
Demonstrate understanding of resolving false positives.
Demonstrate understanding of issue classification.
Identify the different types of Findings Reports.
Describe saving results.
Section 8 – Basic Troubleshooting (8%)
Describe errors during compilation and how they effect code coverage.
Describe the purpose of the errors console.
Describe the project validate feature.
Job Role Description / Target Audience
This entry level certification is intended for Associate Analysts who know the fundamental concepts of and work with IBM Security AppScan SAST V9.0.1 through hands-on experience. (This certification is also for entry level application developers, application architects and security architects.)
These Associate Analysts can describe the fundamental concepts and product components, understand basic application security, scanning methodology, vulnerability analysis, triaging results and issue management. They can also configure an application and run a standard code scan, recognize causes for common false positive and false negative results, and can basic troubleshoot.
These Associate Analysts are able to complete tasks with little to no assistance from documentation, peers or support.
To attain the IBM Certified Associate Analyst – Security AppScan SAST Source V9.0.1, candidates must pass 1 test. To gain additional knowledge and skills, and prepare for this test based on the job role and test objectives, take the link to the test below, and refer to the Test Preparation tab.
Recommended Prerequisite Skills
Basic knowledge of:
general programming concepts
This certification requires 1 test(s).
Click on the link(s) below to see test details, test objectives, suggested training and sample tests.
Test C2150-212 – IBM Security AppScan SAST Source V9.0.1 Analysis Fundamentals
contains questions requiring single and multiple answers. For multiple-answer questions, you need to choose all required options to get the answer correct. You will be advised how many options make up the correct answer. is designed to provide diagnostic feedback on the Examination Score Report, correlating back to the test objectives, informing the test taker how he or she did on each section of the test. As a result, to maintain the integrity of each test, questions and answers are not distributed.