
Secure Programming Practices MCQs Solution | TCS Fresco Play | Fresco Play


Disclaimer: The primary purpose of providing this solution is to assist and support anyone who is unable to complete these courses due to a technical issue or a lack of expertise. The information and data on this website are solely for the purpose of knowledge and education.

Make an effort to understand these solutions and apply them to your Hands-On difficulties. (Copying and pasting these solutions is not advisable.)

All questions of the MCQs are presented below. For ease, use Ctrl + F with the question text to find a question. All the best!

If you find that the answer to any of the questions is wrong, please mention it in the comment section; it could be useful for others. Thanks!

_______________________________________

1. Securing a database application with username/password access control should be considered sufficient:

Only when combined with other controls

2. A race condition in a web server can cause which of the following?

BOTH A AND C

3. Authentication and session management are security concerns of which of the following programming languages?

ALL

4. Exception Handling refers to:

ALL

5. From application security perspective, why should a CAPTCHA be used in a web application?

To prevent scripted attacks

6. Identify the correct statement in the following:

AND B

7. Identify the correct statement in the following:

LOGIC BOMB

8. Identify the correct statement in the following:

ACCOUNTABILITY

9. Identify the correct statement in the following:

D) All the above options

C) To secure online data, build secure software.

B) Customer trust, reputation, financial, compliance, and privacy are the major reasons to implement a software security program.

E) A) and C)

A) Security is a technical problem and is the responsibility of the security manager.

10. Identify the correct statement in the following:

ALL

Unclear security requirements and inadequate security reviews are the primary reasons for security issues.

Secure software does not generate a trail to identify the source and path of an attack. The effort for application security must be linked with the criticality of the application.

11. In a multi-staged login mechanism, which of the following regarding application security should be ensured by the developer?

The application should validate the credentials supplied at each stage and the previous stages.

12. One of the main disadvantages of integrating cryptography into applications is:

Possible denial of service if the keys are corrupted.

13. Security check can be enforced at compile time by

Adding debug traces to code.

A. Enabling all compiler warnings, and paying attention to these warnings.

C) Checking all pointers against null (0) values before using them

14. Temporary files created by applications can expose confidential data if:

FILE PERMISSIONS

15. There are various HTTP authentication mechanisms to authenticate a user. Login credentials are sent to the web server in clear text in which of the following authentication schemes?

Basic

16. Through a successful format-string attack against a web application, an attacker is able to execute which of the following actions?

Read and write to memory at will

17. When valuable information has to be transmitted as part of a client request, which of the following modes should be used?

POST METHOD

18. Which of the following are secure programming guidelines?  

A), B) and C)

19. Which of the following is not an authorization type?

User Access Control

20. Which of the following is the best approach to use when providing access to an SSO application in a portal?

Role-based access control

21. Which of the following is true about improper error handling?

All the above options

22. Which of the following methods can be used by the client and server to validate user input?

A AND B

____________

Updated: 17-10-2022


Which of the following is true about improper error handling?

Answer : All the above options

Which of the following statements is not true regarding Error Handling and Logging?

Answer : All the above statements are true. (Incorrect)

Exception Handling refers to:

Answer : All the above options

Which of the following is not an appropriate method to make an authentication mechanism secure?

Answer: Providing default access.

When valuable information has to be transmitted as part of a client request, which of the following modes should be used?

Answer : POST method with a suitable encryption mechanism

Which of the following methods can be used by the client and server to validate user input?

Answer : E) A) and B)

Which of the following is not recommended to secure web applications against authenticated users?

Answer: Client-side data validation

There are various HTTP authentication mechanisms to authenticate a user. Login credentials are sent to the web server in clear text in which of the following authentication schemes?

Answer: Basic

A race condition in a web server can cause which of the following?

Answer : E) Both A) and C)

What is the purpose of Audit Trail and Logging?

Answer : All the above options

Which of the following is not an authentication method?

Answer: Cookie-based

Temporary files created by applications can expose confidential data if:

Answer: File permissions are not set appropriately 

Which of the following are secure programming guidelines?

Answer : E) A), B) and C)

To improve the overall quality of web applications, developers should abide by which of the following rules?

Answer : Clean and validate all user input

Setting the cookie flag to which of the following mode is a good programming practice?

Answer : Secure

Security check can be enforced at compile time by:

Answer : E) A) and C)

Which of the following is a best practice for Audit Trail and Logging?

Answer : Restrict the access level of configuration and program-level resources. & All the above options (incorrect)

Which of the following is a security advantage of managed code over unmanaged code?

Answer : Size of the attack surface

Set2:

Identify the correct statement in the following:

Answer : Unclear security requirements and inadequate security reviews are the primary reasons for security issues. (Incorrect)

Secure practices for access control include which of the following?

Answer : All

Identify the correct statement in the following:

Answer : Logic bomb is an unintentional weakness.

Which of the following is not an authorization type?

Answer : User Access Control

Which of the following are secure programming guidelines?

Answer : A, B & C

Which of the following is the best approach to use when providing access to an SSO application in a portal?

Answer : Role-based access control 

Authentication and session management are security concerns of which of the following programming languages?

Answer : All

From application security perspective, why should a CAPTCHA be used in a web application?

Answer : To prevent scripted attacks

Temporary files created by applications can expose confidential data if:

Answer : File permissions are not set appropriately

Securing a database application with username/password access control should be considered sufficient:

Answer : Only when combined with other controls

In a multi-staged login mechanism, which of the following regarding application security should be ensured by the developer?

Answer : The application should validate the credentials supplied at each stage and the previous stages.

Identify the correct statement in the following:

Development teams need not worry about rework due to security vulnerability.

High vulnerability can be ignored, and software can be released to the customer.

A firewall is the best protection against application attacks.

Answer : None of the above options.

Which of the following statements is not true regarding Error Handling and Logging?

Answer : Never implement a generic error page.

Identify the correct statement in the following:

Answer : E) A and B 
