23 questions
Through a successful format-string attack against a web application, an attacker is able to execute which of the following actions?
All the above options
Read and write to memory at will
Write only certain areas using tokens
Read certain memory areas using the %s token
Setting the cookie flag to which of the following modes is a good programming practice?
Protected
Secure
Locked
Safe
Identify the correct statement in the following:
A) Security is a technical problem and is the responsibility of the security manager.
B) Customer trust, reputation, financial, compliance, and privacy are the major reasons to implement a software security program.
C) To secure online data, build secure software.
D) All the above options
E) A) and C)
Secure practices for access control include which of the following?
All the options
Business workflow
Authorization on each request
Role-based access
Which of the following is not recommended to secure web applications against authenticated users?
Running the application with least privileges
Client-side data validation
Filtering data with a default deny regular expression
Using parameterized queries to access a database
Which of the following is the best approach to use when providing access to an SSO application in a portal?
Mandatory access control
Biometric access control
Role-based access control
Discretionary access control
Exception Handling refers to:
During application execution, if certain special conditions are met, a specific subroutine, the 'exception handler', is called.
All the options
Identifying all possible erroneous inputs, and managing how an application responds to them.
Commercial runtime environments that contain tools to record debugging information from memory at the time of the exception, to provide 'root-cause' analysis information later.
Which of the following is not an authorization type?
Role-based Access Control
Mandatory Access Control
User Access Control
Discretionary Access Control
Which of the following is a security advantage of managed code over unmanaged code?
Size of the attack surface
Size of the chroot jail
Number of lines of code
Number of roles
There are various HTTP authentication mechanisms to authenticate a user. In which of the following authentication schemes are login credentials sent to the web server in clear text?
Digest
NTLM
None of the options
Basic
Client Certificates
Security check can be enforced at compile time by:
A) Enabling all compiler warnings, and paying attention to these warnings.
B) Writing code for large projects.
C) Checking all pointers against null (0) values before using them.
D) Adding debug traces to code.
A) and C)
Which of the following is a best practice for Audit Trail and Logging?
Restrict the access level of configuration and program-level resources.
Apply the principle of Secure Default.
All the options
While processing, do not save sensitive information on the file system of the server.
Ensure server time is synchronized.
Temporary files created by applications can expose confidential data if:
Special characters are not used in the filename to hide the file
The existence of the file exceeds three seconds
Special characters indicating a system file are not used in the filename
File permissions are not set appropriately
One of the main disadvantages of integrating cryptography into applications is:
Enhanced reliability, as users can no longer modify the source code.
Increased stability, as the programs are protected against a virus attack.
Reduced breaches of policy due to disclosure of information.
Possible denial of service if the keys are corrupted.
Which of the following is true about improper error handling?
Attackers can use exposed error messages to craft advanced attacks and gain system access.
Attackers can use error messages to extract specific information from a system.
All the options
Attackers can use unexpected errors to knock an application offline, creating a denial-of-service attack.
From an application security perspective, why should a CAPTCHA be used in a web application?
To check the color blindness of a user
To check the validity of a user session
To prevent scripted attacks
To provide biometric authentication
To improve the overall quality of web applications, developers should abide by which of the following rules?
Trust user-supplied data
Allow the use of HIDDEN form fields
Use GET instead of POST
Clean and validate all user input
On logout, how should an application deal with session cookies?
Store IP
Update the time
Clear the cookies
Update the header
Identify the correct statement in the following:
None of the options.
High vulnerability can be ignored, and software can be released to the customer.
Development teams need not worry about rework due to security vulnerability.
A firewall is the best protection against application attacks.
Which of the following algorithms/encryption methods is the safest to use?
Block Ciphers using Electronic Code Book (ECB) mode
AES
RC4
DES
In Python 2.x, the input() function is equivalent to eval(raw_input()). Is this true?
True
False
# Define POST variables
username = request.POST['username']
password = request.POST['password']
# SQL query vulnerable to SQLi (untrusted input concatenated into the query string)
sql = "SELECT id FROM users WHERE username='" + username + "' AND password='" + password + "'"
# Execute the SQL statement
database.execute(sql)
Are input fields vulnerable to SQL Injection?
Yes
No
Can integers overflow in Python?
No, if the operations are done in pure Python, because Python integers have arbitrary precision; Yes, if the operations are done in the pydata stack (numpy/pandas), because they use C-style fixed-precision integers
Yes, if the operations are done in pure Python, because Python integers have arbitrary precision; No, if the operations are done in the pydata stack (numpy/pandas), because they use C-style fixed-precision integers
No, if the operations are done in pure Python, because Python integers have arbitrary precision; No, if the operations are done in the pydata stack (numpy/pandas), because they use C-style fixed-precision integers
Yes, if the operations are done in pure Python, because Python integers have arbitrary precision; Yes, if the operations are done in the pydata stack (numpy/pandas), because they use C-style fixed-precision integers