Secure Programming Practices Question Answer


Hello friends, in this post we are going to discuss Secure Programming Practices multiple-choice questions, objective-type questions, TCS Fresco Play dumps, and TCS Fresco milestone answers.

Q1.Which of the following is true about improper error handling?

Answer : All the above options

Q2.Exception Handling refers to:

Answer : All the above options

Q3.Which of the following is not an appropriate method to make an authentication mechanism secure?

Answer: Providing default access.

Q4.When valuable information has to be transmitted as part of a client request, which of the following modes should be used?

Answer : POST method with a suitable encryption mechanism

Q5.Which of the following methods can be used by the client and server to validate user input?

Answer : E) A) and B)

Q6.Which of the following is not recommended to secure web applications against authenticated users?

Answer: Client-side data validation

Q7.There are various HTTP authentication mechanisms to authenticate a user. In which of the following authentication schemes are login credentials sent to the web server in clear text?

Answer: Basic

Q8.A race condition in a web server can cause which of the following?

Answer : E) Both A) and C)

Q9.What is the purpose of Audit Trail and Logging?

Answer : All the above options

Q10.Which of the following is not an authentication method?

Answer: Cookie-based

Q11.Temporary files created by applications can expose confidential data if:

Answer: File permissions are not set appropriately

Q12.Which of the following are secure programming guidelines?

Answer : E) A), B) and C)

Q13.To improve the overall quality of web applications, developers should abide by which of the following rules?

Answer : Clean and validate all user input

Q14.Setting the cookie flag to which of the following modes is a good programming practice?

Answer : Secure


Q15.Security check can be enforced at compile time by:

Answer : E) A) and C)

Q16.Which of the following is a security advantage of managed code over unmanaged code?

Answer : Size of the attack surface

Q17.Secure practices for access control include which of the following?

Answer : All

Q18.Which of the following is not an authorization type?

Answer : User Access Control

Q19.Which of the following are secure programming guidelines?

Answer : A, B & C

Q20.Which of the following is the best approach to use when providing access to an SSO application in a portal?

Answer : Role-based access control

Q21.Authentication and session management are security concerns of which of the following programming languages?

Answer : All

Q22.From application security perspective, why should a CAPTCHA be used in a web application?

Answer : To prevent scripted attacks

Q23.Temporary files created by applications can expose confidential data if

Answer : File permissions are not set appropriately

Q24.Securing a database application with username/password access control should be considered sufficient

Answer : Only when combined with other controls

Q25.In a multi-staged login mechanism, which of the following regarding application security should be ensured by the developer?

Answer : The application should validate the credentials supplied at each stage and the previous stages.

Q26.Identify the correct statement in the following:
Development teams need not worry about rework due to security vulnerability. High vulnerability can be ignored, and software can be released to the customer. A firewall is the best protection against application attacks.

Answer : None of the above options.

Q27.Which of the following statements is not true regarding Error Handling and Logging?

Answer : Never implement a generic error page.

Q28.Identify the correct statement in the following:

Answer : E) A and B

