

InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
1. Which of the following types of metrics do not involve subjective context but are material facts?
Answer» Which of the following types of metrics do not involve subjective context but are material facts?

2. The information gathered should be organized into a _________ that can be used to prioritize the review.
Answer» The information gathered should be organized into a _________ that can be used to prioritize the review.

3. The estimation of software size by measuring functionality.
Answer» The estimation of software size by measuring functionality.

4. The first step in analyzing the attack surface is ________.
Answer» The first step in analyzing the attack surface is ________.

5. The account used to make the database connection must have ______ privilege.
Answer» The account used to make the database connection must have ______ privilege.

6. Inviting a friend to help look for a hard-to-find vulnerability is a method of security code review.
Answer» Inviting a friend to help look for a hard-to-find vulnerability is a method of security code review.

7. A solution to enhance security of passwords stored as hashes.
Answer» A solution to enhance security of passwords stored as hashes.

8. A representation of an attribute that cannot be measured directly, and is subjective and dependent on the context of where the metric was derived.
Answer» A representation of an attribute that cannot be measured directly, and is subjective and dependent on the context of where the metric was derived.

9. Authorization that restricts the functionality of a subset of users.
Answer» Authorization that restricts the functionality of a subset of users. Choose the correct option from the list below: (1) Vertical Authorization (2) Horizontal Authorization. Answer: (1) Vertical Authorization

10. Which of the following is more resistant to SQL injection attacks?
Answer» Which of the following is more resistant to SQL injection attacks?

11. The average occurrence of programming faults per lines of code.
Answer» The average occurrence of programming faults per lines of code.

12. ___________ can be exploited to completely ignore authorization constraints.
Answer» ___________ can be exploited to completely ignore authorization constraints.

13. The process by which different equivalent forms of a name can be resolved to a single standard name.
Answer» The process by which different equivalent forms of a name can be resolved to a single standard name.

14. Which of the following are threats of cross-site scripting on the authentication page?
Answer» Which of the following are threats of cross-site scripting on the authentication page?

15. It is easy to distinguish good code from insecure code.
Answer» It is easy to distinguish good code from insecure code.

16. Defect density alone can be used to judge the security of code accurately.
Answer» Defect density alone can be used to judge the security of code accurately. Choose the correct option from the list below: (1) False (2) True. Answer: (1) False

17. The process through which the identity of an entity is established to be genuine.
Answer» The process through which the identity of an entity is established to be genuine.

18. The approach to input validation that simply encodes characters considered "bad" to a format which should not affect the functionality of the application and hence is very weak.
Answer» The approach to input validation that simply encodes characters considered "bad" to a format which should not affect the functionality of the application and hence is very weak.

19. Which of the following is an efficient way to securely store passwords?
Answer» Which of the following is an efficient way to securely store passwords?

20. Parameterized stored procedures are compiled after the user input is added.
Answer» Parameterized stored procedures are compiled after the user input is added.

21. Complexity increases with the decision count.
Answer» Complexity increases with the decision count.

22. ________ can be used to establish risk and stability estimations on an item of code, such as a class or method or even a complete system.
Answer» ________ can be used to establish risk and stability estimations on an item of code, such as a class or method or even a complete system.

23. To build SQL statements it is more secure to use PreparedStatement than Statement.
Answer» To build SQL statements it is more secure to use PreparedStatement than Statement.

24. It is easy to develop secure sessions with sufficient entropy.
Answer» It is easy to develop secure sessions with sufficient entropy.

25. Which of the following can be used to prevent end users from entering malicious scripts?
Answer» Which of the following can be used to prevent end users from entering malicious scripts?

26. In a multi-user, multi-threaded environment, thread safety is important as one may erroneously gain access to another individual's session by exploiting ___________.
Answer» In a multi-user, multi-threaded environment, thread safety is important as one may erroneously gain access to another individual's session by exploiting ___________.

27. The _______ approach to validation only permits characters/ASCII ranges defined within a white-list.
Answer» The _______ approach to validation only permits characters/ASCII ranges defined within a white-list.