
Secure Programming Practices

The document discusses secure programming practices such as error handling, authentication, authorization, and logging. It provides questions and answers about these topics.

Uploaded by

Yees BoojPai
Secure Programming Practices

Which of the following is true about improper error handling?

Answer : All the above options

Which of the following statements is not true regarding Error Handling and Logging?

Answer : All the above statements are true. (Incorrect)

Exception Handling refers to:

Answer : All the above options

Which of the following is not an appropriate method to make an authentication mechanism secure?

Answer: Providing default access.

When valuable information has to be transmitted as part of a client request, which of the following
modes should be used?

Answer : POST method with a suitable encryption mechanism

Which of the following methods can be used by the client and server to validate user input?

Answer : E) A) and B)

Which of the following is not recommended to secure web applications against authenticated users?

Answer: Client-side data validation

There are various HTTP authentication mechanisms to authenticate a user. In which of the following
authentication schemes are login credentials sent to the web server in clear text?

Answer: Basic

A race condition in a web server can cause which of the following?

Answer : E) Both A) and C)

What is the purpose of Audit Trail and Logging?

Answer : All the above options

Which of the following is not an authentication method?

Answer: Cookie-based

Temporary files created by applications can expose confidential data if:

Answer: File permissions are not set appropriately



Which of the following are secure programming guidelines?

Answer : E) A), B) and C)

To improve the overall quality of web applications, developers should abide by which of the
following rules?

Answer : Clean and validate all user input

Setting the cookie flag to which of the following modes is a good programming practice?

Answer : Secure

Security checks can be enforced at compile time by:

Answer : E) A) and C)

Which of the following is a best practice for Audit Trail and Logging?

Answer : Restrict the access level of configuration and program-level resources. & All the above
options (incorrect)

Which of the following is a security advantage of managed code over unmanaged code?

Answer : Size of the attack surface

Set2:

Identify the correct statement in the following:

Answer : Unclear security requirements and inadequate security reviews are the primary reasons for
security issues. (Incorrect)

Secure practices for access control include which of the following?

Answer : All

Identify the correct statement in the following:

Answer : Logic bomb is an unintentional weakness.

Which of the following is not an authorization type?

Answer : User Access Control

Which of the following are secure programming guidelines?

Answer : A, B & C

Which of the following is the best approach to use when providing access to an SSO application in a
portal?

Answer : Role-based access control



Authentication and session management are security concerns of which of the following
programming languages?

Answer : All

From application security perspective, why should a CAPTCHA be used in a web application?

Answer : To prevent scripted attacks

Temporary files created by applications can expose confidential data if:

Answer : File permissions are not set appropriately

Securing a database application with username/password access control should be considered
sufficient:

Answer : Only when combined with other controls

In a multi-staged login mechanism, which of the following regarding application security should be
ensured by the developer?

Answer : The application should validate the credentials supplied at each stage and the previous
stages.

Identify the correct statement in the following:

Development teams need not worry about rework due to security vulnerability.

High vulnerability can be ignored, and software can be released to the customer.

A firewall is the best protection against application attacks.

Answer : None of the above options.

Which of the following statements is not true regarding Error Handling and Logging?

Answer : Never implement a generic error page.

Identify the correct statement in the following:

Answer : E) A and B
