This exam tests your understanding of Software Security Assurance problem and solution elements, HP Fortify Static Code Analyzer (SCA), Articulation of Purpose, Benefits and Significant Advantages / Features, Discovery & Technical Qualification of Opportunities, Technical Objection Handling and Competitive Positioning, Operational Proficiency (installation, configuration, operation), dramatization of Value/Benefits (demonstration of common use cases / work flows tailored to Prospect circumstances), resolution of concerns through structured Proof of Value engagements, ability to troubleshoot common problems.
Who should take this exam?
This exam is for Presales Professionals who will work with Sales Personnel to provide business, product, and technical knowledge in support of pre-sales activities, and will be concerned with key customer-facing technical activities at this stage.
This exam has 60 questions.
Here are types of questions to expect:
- Multiple choice (multiple responses)
- Multiple choice (single response)
Tips for taking this exam
You are not required to take the recommended supporting courses, and completion of training does not guarantee that you will pass the exam. HP strongly recommends a combination of training, thorough review of courseware and additional study references, and sufficient on-the-job experience prior to taking the exam.
This exam validates that you can successfully perform the following:
Understanding of Software Security Assurance problem and solution elements
- What is the driving need for SSA?
- Understand the need for application security; Features of Secure Development - SDLC; The HP security process using HP Fortify; SSA Benefits; SAMM – Best practices for software development and the Value of SSA
HP Fortify Static Code Analyzer (SCA)
- HP Fortify SCA Overview, Features, Workflow, Analyzers, and Tools
Articulation of Purpose, Benefits and Significant Advantages / Features
- HP Fortify on Demand (FoD) and HP WebInspect Overview; How HP WebInspect fits into Fortify FoD and other HP tools
- HP Fortify SSC Components
- HP Fortify on Demand (FoD)
- Enterprise Software Security in the Cloud; The Problem FoD solves; HP Fortify on Demand Services; How HP Fortify on Demand works, and HP Fortify on Demand Products
- HP WebInspect (WI)
- WebInspect Features and Benefits; HP WebInspect Enterprise (WIE) Features and Benefits and HP WebInspect components
- Bundling HP Fortify SSC and WIE
Discovery & Technical Qualification of Opportunities
- What the technical team needs to determine:
- Questions the technical team should ask; Using SAMM as a security guideline; Code review and Security review questions
Technical Objection Handling and Competitive Positioning
- Handling Technical Objections:
- Understanding Typical Objections with probing questions; Specific answers to customer questions
- Competitive Positioning:
- Strengths, Weaknesses, and Winning Positions for top competitors; Top Three Competitive Dos and Don'ts
Operational Proficiency (installation, configuration, operation)
- Installation and configuration steps for WebInspect; WebInspect operation; What happens during a WebInspect scan?
- WebInspect Enterprise
- Architecture of WebInspect Enterprise; Installation steps for WebInspect Enterprise; User management deployment for WebInspect Enterprise,
- Fortify on Demand
- Fortify on Demand operation options, Fortify on Demand preparation and
Dramatization of Value/Benefits (demonstration of common use cases / work flows tailored to Prospect circumstances)
- Customer Engagement Model
- Phase 1: Customer on-boarding; Phase 2: Application on-boarding; Phase 3: Application security analysis; Phase 4: Findings triage, and Phase 5: Customer findings delivery
- How to maximize sales with demos
- What is the purpose of a “demo?”; How to properly set up a “demo?”; What content should be shown in a demo?
- Identify key HP Fortify on Demand features to demo
- Fortify on Demand use cases
- Static Analysis (automatic or manual)
- Web Application Automated Dynamic Analysis with Manual Ethical Hacking
- Proactive Secure Application Development – Integration Build Analysis
Resolution of concerns through structured Proof of Value engagements
- The purpose of a POV, When to offer a POV, Choose prospects who will benefit from a POV, Why to do POVs with FoD
- Steps to Take to Win a FoD POV, Tips for a successful FoD POV
- The Proposed Agenda
- Tasks prior to POV; POV implementation and review
Ability to troubleshoot common problems
- Troubleshooting a WebInspect macro, What’s New in WebInspect 9.0
- Troubleshooting Fortify on Demand problems
- File extension errors, Files needed for a static scan, Preparing for a dynamic scan, Preparing application project files for submission, Additional