Secure Programming Practices MCQs Solution | TCS Fresco Play | Fresco Play
Disclaimer: The primary purpose of providing this solution is to assist and support anyone who is unable to complete these courses due to a technical issue or a lack of expertise. This website's information or data are solely for the purpose of knowledge and education.
All the questions of the MCQs are present below. For ease, use Ctrl + F with the question name to find the question. All the best!
1. Securing a database application with username/password access control should be considered sufficient:
Only when combined with other controls
2. A race condition in a web server can cause which of the following?
BOTH A AND C
3. Authentication and session management are security concerns of which of the following programming languages?
ALL
4. Exception Handling refers to:
ALL
5. From an application security perspective, why should a CAPTCHA be used in a web application?
To prevent scripted attacks
6. Identify the correct statement in the following:
A AND B
7. Identify the correct statement in the following:
LOGIC BOMB
8. Identify the correct statement in the following:
ACCOUNTABILITY
9. Identify the correct statement in the following:
D) All the above options
C) To secure online data, build secure software.
B) Customer trust, reputation, financial, compliance, and privacy are the major reasons to implement a software security program.
E) A) and C)
A) Security is a technical problem and is the responsibility of the security manager.
10. Identify the correct statement in the following:
ALL
Unclear security requirements and inadequate security reviews are the primary reasons for security issues.
Secure software does not generate a trail to identify the source and path of an attack. The effort for application security must be linked with the criticality of the application.
11. In a multi-staged login mechanism, which of the following regarding application security should be ensured by the developer?
The application should validate the credentials supplied at each stage and the previous stages.
12. One of the main disadvantages of integrating cryptography into applications is:
Possible denial of service if the keys are corrupted.
13. Security check can be enforced at compile time by
Adding debug traces to code.
A. Enabling all compiler warnings, and paying attention to these warnings.
C) Checking all pointers against null (0) values before using them
14. Temporary files created by applications can expose confidential data if:
FILE PERMISSIONS
15. There are various HTTP authentication mechanisms to authenticate a user. Login credentials are sent to the web server in clear text in which of the following authentication schemes?
Basic
16. Through a successful format-string attack against a web application, an attacker is able to execute which of the following actions?
Read and write to memory at will
17. When valuable information has to be transmitted as part of a client request, which of the following modes should be used?
POST METHOD
18. Which of the following are secure programming guidelines?
A), B) and C)
19. Which of the following is not an authorization type?
User Access Control
20. Which of the following is the best approach to use when providing access to an SSO application in a portal?
Role-based access control
21. Which of the following is true about improper error handling?
All the above options
22. Which of the following methods can be used by the client and server to validate user input?
A AND B
____________
Updated: 17-10-2022
Which of the following is true about improper error handling?
Answer : All the above options
Which of the following statements is not true regarding Error Handling and Logging?
Answer : All the above statements are true. (Incorrect)
Exception Handling refers to:
Answer : All the above options
Which of the following is not an appropriate method to make an authentication mechanism secure?
Answer: Providing default access.
When valuable information has to be transmitted as part of a client request, which of the following modes should be used?
Answer : POST method with a suitable encryption mechanism
Which of the following methods can be used by the client and server to validate user input?
Answer : E) A) and B)
Which of the following is not recommended to secure web applications against authenticated users?
Answer: Client-side data validation
There are various HTTP authentication mechanisms to authenticate a user. Login credentials are sent to the web server in clear text in which of the following authentication schemes?
Answer: Basic
A race condition in a web server can cause which of the following?
Answer : E) Both A) and C)
What is the purpose of Audit Trail and Logging?
Answer : All the above options
Which of the following is not an authentication method?
Answer: Cookie-based
Temporary files created by applications can expose confidential data if:
Answer: File permissions are not set appropriately
Which of the following are secure programming guidelines?
Answer : E) A), B) and C)
To improve the overall quality of web applications, developers should abide by which of the following rules?
Answer : Clean and validate all user input
Setting the cookie flag to which of the following mode is a good programming practice?
Answer : Secure
Security check can be enforced at compile time by:
Answer : E) A) and C)
Which of the following is a best practice for Audit Trail and Logging?
Answer : Restrict the access level of configuration and program-level resources. & All the above options (incorrect)
Which of the following is a security advantage of managed code over unmanaged code?
Answer : Size of the attack surface
Set2:
Identify the correct statement in the following:
Answer : Unclear security requirements and inadequate security reviews are the primary reasons for security issues. (Incorrect)
Secure practices for access control include which of the following?
Answer : All
Identify the correct statement in the following:
Answer : Logic bomb is an unintentional weakness.
Which of the following is not an authorization type?
Answer : User Access Control
Which of the following are secure programming guidelines?
Answer : A, B & C
Which of the following is the best approach to use when providing access to an SSO application in a portal?
Answer : Role-based access control
Authentication and session management are security concerns of which of the following programming languages?
Answer : All
From an application security perspective, why should a CAPTCHA be used in a web application?
Answer : To prevent scripted attacks
Temporary files created by applications can expose confidential data if:
Answer : File permissions are not set appropriately
Securing a database application with username/password access control should be considered sufficient:
Answer : Only when combined with other controls
In a multi-staged login mechanism, which of the following regarding application security should be ensured by the developer?
Answer : The application should validate the credentials supplied at each stage and the previous stages.
Identify the correct statement in the following:
Development teams need not worry about rework due to security vulnerability.
High vulnerability can be ignored, and software can be released to the customer.
A firewall is the best protection against application attacks.
Answer : None of the above options.
Which of the following statements is not true regarding Error Handling and Logging?
Answer : Never implement a generic error page.
Identify the correct statement in the following:
Answer : E) A and B