Exam ID HP0-M65
Exam type Proctored exam taken at dedicated testing center
Exam duration 1 hour 40 minutes
Exam length 60 questions
Passing score 70%
Delivery languages English
Related Certifications
  • HP Technical Certified I - Fortify Security [2013] (inactive)
Supporting courses These recommended courses help you prepare for the exam:

Register for this Exam

You will need an HP Learner ID and a Pearson VUE login and password.

During the exam, you can make specific comments about the exam and items. HP welcomes these comments as part of our continuous improvement process.
No online or hard copy reference material will be allowed at the testing site. This exam may contain beta test items for experimental purposes.

Exam description

This exam tests your understanding of Software Security Assurance problem and solution elements, HP Fortify Static Code Analyzer (SCA), Articulation of Purpose, Benefits and Significant Advantages / Features, Discovery & Technical Qualification of Opportunities, Technical Objection Handling and Competitive Positioning, Operational Proficiency (installation, configuration, operation), dramatization of Value/Benefits (demonstration of common use cases / work flows tailored to Prospect circumstances), resolution of concerns through structured Proof of Value engagements, ability to troubleshoot common problems.

Who should take this exam?

This exam is for Presales Professionals who will work with Sales Personnel to provide business, product, and technical knowledge in support of pre-sales activities, and will be concerned with key customer-facing technical activities at this stage.

Exam contents

This exam has 60 questions. Here are types of questions to expect:
  • Matching
  • Multiple choice (multiple responses)
  • Multiple choice (single response)

Tips for taking this exam

You are not required to take the recommended supporting courses and completion of training does not guarantee that you will pass the exam. HP strongly recommends a combination of training, thorough review of courseware and additional study references, and sufficient on the job experience prior to taking the exam.


This exam validates that you can successfully perform the following:

Understanding of Software Security Assurance problem and solution elements

  • What is the driving need for SSA?
    - Understand the need for application security; Features of Secure
    Development -SDLC; The HP security process using HP Fortify; SSA Benefits;
    SAMM – Best practices for software development and the Value of SSA


HP Fortify Static Code Analyzer (SCA)
- HP Fortify SCA Overview, Features, Workflow, Analyzers, and Tools


Articulation of Purpose, Benefits and Significant Advantages / Features
-HP Fortify on Demand (FoD) and HP WebInspect Overview; How HP
WebInspect fits into Fortify FoD and other HP tools
- HP Fortify SSC Components

  • HP Fortify on Demand (FoD)
    - Enterprise Software Security in the Cloud; The Problem FoD solves; HP
    Fortify on Demand Services; How HP Fortify on Demand works, and HP Fortify
    on Demand Products
    •HP WebInspect (WI)
    - WebInspect Features and Benefits; HP WebInspect Enterprise (WIE)
    Features and Benefits and HP WebInspect components
    •Bundling HP Fortify SSC and WIE


Discovery & Technical Qualification of Opportunities

  • What the technical team needs to determine:
    - Questions the technical team should ask; Using SAMM as a security
    guideline; Code review and Security review questions


Technical Objection Handling and Competitive Positioning

  • Handling Technical Objections:
    - Understanding Typical Objections with probing questions; Specific answers
    to customer questions
  • Competitive Positioning:
    - Strengths, Weaknesses, and Winning Positions for top competitors; Top
    Three Competitive Dos and Don'ts


Operational Proficiency (installation, configuration, operation)

  • WebInspect:
    - Installation and configuration steps for WebInspect; WebInspect
    operation,What happens during a WebInspect scan?
  • WebInspect Enterprise
    - Architecture of WebInspect Enterprise; Installation steps for WebInspect
    Enterprise; User management deployment for WebInspect Enterprise,
  • Fortify on Demand
    - Fortify on Demand operation options, Fortify on Demand preparation and


Dramatization of Value/Benefits (demonstration of common use cases / work flows tailored to Prospect circumstances)

  • Customer Engagement Model
    - Phase 1: Customer on-boarding; Phase 2: Application on-boarding; Phase 3:
    Application security analysis; Phase 4: Findings triage, and Phase 5:
    Customer findings delivery
  • How to maximize sales with demos
    - What is the purpose of a “demo?”; How to properly set up a “demo?”Error!
    Bookmark not defined.; What content should be shown in a demo?
    - Identify key HP Fortify on Demand features to demo
    •Fortify on Demand use cases
    - Static Analysis (automatic or manual)Error! Bookmark not defined.
    - Web Application Automated Dynamic Analysis with Manual Ethical Hacking
    - Proactive Secure Application Development – Integration Build Analysis


Resolution of concerns through structured Proof of Value engagements

  • Overview
    - The purpose of a POV, When to offer a POV, Choose prospects who will
    benefit from a POV, Why to do POVs with FoD
    - Steps to Take to Win a FoD POV, Tips for a successful FoD POV
    •The Proposed Agenda
    - Tasks prior to POV; POV implementation and review


Ability to troubleshoot common problems

  • Troubleshooting a WebInspect macro, What’s New in WebInspect 9.0
  • Troubleshooting Fortify on Demand problems
    - File extension errors, Files needed for a static scan, Preparing for a dynamic
    scan, Preparing application project files for submission, Additional