
1. Through a successful format-string attack against a web application, an attacker is able to execute which of the following actions?
Choose the correct option from the list below
(1) Write only certain areas using tokens
(2) Read and write to memory at will
(3) Read certain memory areas using the %s token
(4) All the above options

Answer: (2) Read and write to memory at will

2. Which of the following is not an authorization type?
Choose the correct option from the list below
(1) Role-based Access Control
(2) Discretionary Access Control
(3) Mandatory Access Control
(4) User Access Control

Answer: (4) User Access Control

3. Which of the following are secure programming guidelines?
Choose the correct option from the list below
A) Always validate input for public methods.
B) Never use input data as input for a format string.
C) Avoid the use of environment variables.
D) Always call a shell to invoke another program from within a C/C++ program.
E) A), B) and C)
F) None of the above options

Answer: E) A), B) and C)

4. Which of the following is a security advantage of managed code over unmanaged code?
Choose the correct option from the list below
(1) Size of the attack surface
(2) Number of lines of code
(3) Number of roles
(4) Size of the chroot jail

Answer: (1) Size of the attack surface

5. Identify the correct statement in the following secure programming questions:
Choose the correct option from the list below
(1) None of the above options
(2) Software security is the development team's responsibility.
(3) Vulnerability is a security weakness
(4) Logic bomb is an unintentional weakness.

Answer: (4) Logic bomb is an unintentional weakness.

6. Identify the correct statement among the following on secure programming:
Choose the correct option from the list below
(1) A) and B)
(2) None of the above options
(3) Banned or deprecated versions of APIs must not be used.
(4) Prepared statements can prevent SQL injection attacks.

Answer: (1) A) and B)

7. Temporary files created by applications can expose confidential data if
Choose the correct option from the list below
(1) Special characters are not used in the filename to hide the file
(2) File permissions are not set appropriately
(3) Special characters indicating a system file are not used in the filename
(4) The existence of the file exceeds three seconds

Answer: (2) File permissions are not set appropriately

8. It is a good programming practice to prevent caching of sensitive data at the client or at proxies by implementing which of the following?
Choose the correct option from the list below
(1) "Cache-Control: do not-cache, do not save"
(2) "Cache-Control: no cache"
(3) "Cache-Control: no-cache, no store"
(4) "Cache-Control: do not-save, do not store"
(5) "Cache-Control: no store"

Answer: (3) "Cache-Control: no-cache, no store"

9. Which of the following algorithms/encryption methods is the safest to use?
Choose the correct option from the list below
(1) AES
(2) Block Ciphers using Electronic Code Book (ECB) mode
(3) DES
(4) RC4

Answer: (1) AES

10. One of the main disadvantages of integrating cryptography into applications is:
Choose the correct option from the list below
(1) Reduced breaches of policy due to disclosure of information.
(2) Possible denial of service if the keys are corrupted.
(3) Increased stability, as the programs are protected against a virus attack.
(4) Enhanced reliability, as users can no longer modify the source code.

Answer: (2) Possible denial of service if the keys are corrupted.

11. To improve the overall quality of web applications, developers should abide by which of the following rules?
Choose the correct option from the list below
(1) Clean and validate all user input
(2) Trust user-supplied data
(3) Use GET instead of POST
(4) Allow the use of hidden form fields

Answer: (1) Clean and validate all user input

12. Identify the correct statement in the following secure programming questions:
Choose the correct option from the list below
(1) Authorization validates user identity.
(2) Accountability is a process to prevent repudiation.
(3) None of the above options is correct.
(4) Confidentiality is a process to prevent unauthorized alteration of information.

Answer: (2) Accountability is a process to prevent repudiation.

13. Which of the following is not recommended to secure web applications against authenticated users?
Choose the correct option from the list below
(1) Filtering data with a default-deny regular expression
(2) Running the application with least privileges
(3) Using parameterized queries to access a database
(4) Client-side data validation

Answer: (4) Client-side data validation

14. From an application security perspective, why should a CAPTCHA be used in a web application?
Choose the correct option from the list below
(1) To prevent scripted attacks
(2) To provide biometric authentication
(3) To check the color blindness of a user
(4) To check the validity of a user session

Answer: (1) To prevent scripted attacks

15. Which of the following is the best approach to use when providing access to an SSO application in a portal?
Choose the correct option from the list below
(1) Biometric access control
(2) Discretionary access control
(3) Mandatory access control
(4) Role-based access control

Answer: (4) Role-based access control

16. Which of the following is true about improper error handling?
Choose the correct option from the list below
(1) All the above options
(2) Attackers can use exposed error messages to craft advanced attacks and gain system access.
(3) Attackers can use error messages to extract specific information from a system.
(4) Attackers can use unexpected errors to knock an application offline, creating a denial-of-service attack.

Answer: (1) All the above options

17. Security checks can be enforced at compile time by:
Choose the correct option from the list below
A) Adding debug traces to code.
B) Writing code for large projects.
E) A) and C)
F) None of the above options
C) Checking all pointers against null (0) values before using them.
A) Enabling all compiler warnings, and paying attention to these warnings.

Answer: E) A) and C)

18. Securing a database application with username/password access control should be considered sufficient:
Choose the correct option from the list below
(1) Only when combined with other controls
(2) If the passwords contain more than six characters
(3) If none of the users have administrative access
(4) To secure the application

Answer: (1) Only when combined with other controls

19. Proprietary protocols and data formats are:
Choose the correct option from the list below
(1) Safe, because buffer overflows cannot be effectively determined by random submission of data.
(2) Unsafe, because they rely on security by obscurity.
(3) Secure, because of encryption.
(4) Insecure, because vendors do not test them.

Answer: (1) Safe, because buffer overflows cannot be effectively determined by random submission of data.

20. Which of the following is not an appropriate method to make an authentication mechanism secure?
Choose the correct option from the list below
(1) Setting an expiry date for the authentication token.
(2) Re-authenticating sensitive transactions.
(3) Providing default access.
(4) Using encryption to store the authentication token.

Answer: (3) Providing default access.

21. Which of the following is not an authentication method?
Choose the correct option from the list below
(1) Form-based
(2) Single Sign On
(3) Cookie-based
(4) Basic authentication

Answer: (3) Cookie-based

22. If an attacker submits multiple input parameters (query string, post data, cookies, etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation. This is the premise of which of the following?
Choose the correct option from the list below
(1) Parameter Busting
(2) HTTP Parameter Pollution
(3) Distortion
(4) Session Splitting

Answer: (2) HTTP Parameter Pollution

23. Setting the cookie flag to which of the following modes is a good programming practice?
Choose the correct option from the list below
(1) Safe
(2) Secure
(3) Protected
(4) Locked

Answer: (2) Secure

24. Authentication and session management are security concerns of which of the following programming languages?
Choose the correct option from the list below
(1) PHP
(2) Java
(3) C
(4) .NET
(5) All the above options

Answer: (5) All the above options

25. Secure practices for access control include which of the following?
Choose the correct option from the list below
(1) Role-based access
(2) Business workflow
(3) Authorization on each request
(4) All the above options

Answer: (4) All the above options

26. There are various HTTP authentication mechanisms to authenticate a user. In which of the following authentication schemes are login credentials sent to the web server in clear text?
Choose the correct option from the list below
(1) Client Certificates
(2) Basic
(3) None of the options
(4) NTLM
(5) Digest

Answer: (2) Basic

27. What is the purpose of an audit trail and logging?
Choose the correct option from the list below
(1) Software troubleshooting
(2) Generate evidence for actions
(3) Generate a chronological sequence of actions
(4) All the above options

Answer: (4) All the above options

28. On logout, how should an application deal with session cookies?
Choose the correct option from the list below
(1) Update the time
(2) Clear the cookies
(3) Store IP
(4) Update the header

Answer: (2) Clear the cookies

29. A race condition in a web server can cause which of the following?
Choose the correct option from the list below
A) Resources becoming unavailable to legitimate users
B) Cross-site Tracing
C) Server instability
D) All the above options
E) Both A) and C)

Answer: E) Both A) and C)

30. When valuable information has to be transmitted as part of a client request, which of the following modes should be used?
Choose the correct option from the list below
(1) GET method with a suitable encryption mechanism
(2) POST method with a suitable encryption mechanism
(3) Stored procedure
(4) SUBMIT method with a state-of-the-art encryption algorithm

Answer: (2) POST method with a suitable encryption mechanism