Join our channel if you haven’t joined yet https://t.me/fresco_milestone ( @fresco_milestone )

Secure Programming Practices

Which of the following is true about improper error handling?

Answer : All the above options

Which of the following statements is not true regarding Error Handling and Logging?

Answer : All the above statements are true. (Incorrect)

Exception Handling refers to:

Answer : All the above options

Which of the following is not an appropriate method to make an authentication mechanism secure?

Answer: Providing default access.

When valuable information has to be transmitted as part of a client request, which of the following
modes should be used?

Answer : POST method with a suitable encryption mechanism

Which of the following methods can be used by the client and server to validate user input?

Answer : E) A) and B)

Which of the following is not recommended to secure web applications against authenticated users?

Answer: Client-side data validation

There are various HTTP authentication mechanisms to authenticate a user. In which of the following
authentication schemes are login credentials sent to the web server in clear text?

Answer: Basic

A race condition in a web server can cause which of the following?

Answer : E) Both A) and C)

What is the purpose of Audit Trail and Logging?

Answer : All the above options

Which of the following is not an authentication method?

Answer: Cookie-based

Temporary files created by applications can expose confidential data if:

Answer: File permissions are not set appropriately


Which of the following are secure programming guidelines?

Answer : E) A), B) and C)

To improve the overall quality of web applications, developers should abide by which of the
following rules?

Answer : Clean and validate all user input

Setting the cookie flag to which of the following mode is a good programming practice?

Answer : Secure

Security checks can be enforced at compile time by:

Answer : E) A) and C)

Which of the following is a best practice for Audit Trail and Logging?

Answer : Restrict the access level of configuration and program-level resources. & All the above
options (incorrect)

Which of the following is a security advantage of managed code over unmanaged code?

Answer : Size of the attack surface

Set 2:

Identify the correct statement in the following:

Answer : Unclear security requirements and inadequate security reviews are the primary reasons for
security issues. (Incorrect)

Secure practices for access control include which of the following?

Answer : All

Identify the correct statement in the following:

Answer : Logic bomb is an unintentional weakness.

Which of the following is not an authorization type?

Answer : User Access Control

Which of the following are secure programming guidelines?

Answer : A, B & C

Which of the following is the best approach to use when providing access to an SSO application in a
portal?

Answer : Role-based access control


Authentication and session management are security concerns for which of the following
programming languages?

Answer : All

From an application security perspective, why should a CAPTCHA be used in a web application?

Answer : To prevent scripted attacks

Temporary files created by applications can expose confidential data if:

Answer : File permissions are not set appropriately

Securing a database application with username/password access control should be considered
sufficient:

Answer : Only when combined with other controls

In a multi-staged login mechanism, which of the following regarding application security should be
ensured by the developer?

Answer : The application should validate the credentials supplied at each stage and the previous
stages.

Identify the correct statement in the following:

Development teams need not worry about rework due to security vulnerability.

High vulnerability can be ignored, and software can be released to the customer.

A firewall is the best protection against application attacks.

Answer : None of the above options.

Which of the following statements is not true regarding Error Handling and Logging?

Answer : Never implement a generic error page.

Identify the correct statement in the following:

Answer : E) A and B