Course name : SSA E1 Administrator Assessment Answers | Course id 66767
Course name : SSA E1 Administrator Assessment Answers | Course id 66767 | Questions (1-10)
1. Which of the following is a good practice?
Answer : Grant limited permission to specified account
2. State True or False: TCS SSA has defined the required processes,
templates, guidelines, checklists & resources to achieve Security Assurance.
Answer: True
3. Sand-boxing does what to computer programs?
Answer : Sandboxes protect your programs by isolating
all the other programs except the one you are using at the time
4. Which of these following statements about consent is false:
Answer : Organizations can generally rely on implied consent
when the information is likely to be considered sensitive.
5. To design client-side configuration tests each user category
is assessed to reduce the number of configuration variables to a
manageable number.
Answer : True
6. Which mechanism will make sure that data transmission is secure?
Answer : HTTPS + Encrypting sensitive data
7. What activities are part of Deployment/Release Security Review?
Answer : Verify Binary Integrity; Target System Alteration Analysis;
Infrastructure VA; Patching and Upgradation Plan
8. SSL primarily focuses on
Answer: Confidentiality and integrity
9. What is not a good practice for user administration?
Answer: Using telnet and FTP for remote access
10. State True or False: Software Security Assurance can be achieved
if the efforts, activities and controls are implemented and verified
for establishing Confidentiality, Integrity, Availability & Accountability
Answer: True
Course name : SSA E1 Administrator Assessment Answers | Course id 66767 | Questions (11-20)
11. Infrastructure VA is part of which phase of TCS SSA?
Answer : Deployment/Release Security Review
12. Config can have following format. (SSA E1)
Answer: All of the above
13. When an attempt is to make a machine or network resource unavailable
to its intended users, the attack is called
Answer : Denial-of-service attack
14. TCP Extract can be used to pull Pcap Data.
Answer: False
15. Which of the following indicates attempting to gain access to a system
by using a false identity?
Answer : Spoofing
16. Network forensics is concerned with the monitoring and analysis of
computer network traffic of?
Answer : Both
17. Impact of Injection attacks?
Answer: All of the above
18. TCS Software Security Assurance Process Framework provides
confidence to the stakeholders on what parameters?
Answer : Software will consistently demonstrate robustness
even when it is abused or attacked maliciously or unintentionally
19. Verify that XML or XSL file upload functionality validates
incoming XML using XSD validation.
Answer : True
20. The digital forensic process encompasses collected evidence
for the benefit of courts or an employer.
Answer: True
Course name : SSA E1 Administrator Assessment Answers | Course id 66767 | Questions (21-30)
21. Record traffic file is available in ____ format.
Answer : PCap
22. Using POST requests with hidden form fields provides a
significant level of protection against attackers who want to
tamper with requests. (SSA E1)
Answer: False
23. How does Device fingerprinting help in protecting private information?
Answer : All of the above
24. As per PCI DSS standards, which of the following Card Holder
Data should not be stored (even if encrypted)?
Answer : Option 3 & 4
25. Defining Role Matrix “Role > Functionality > Data” is a part
of which phase of SSA?
Answer : Architecture/Design Security Analysis & Review
26. What are the activities involved in the phase Secure Code
Construction & Security Code Review?
Answer : All of the above
27. Which of the following is a hacker’s attempt to redirect traffic
from a legitimate website to a completely different internet
address by changing the host’s file on a victim’s computer or
by exploiting a vulnerability on the DNS server?
Answer : Pharming
28. Identify reasons why TCS has adopted data protection program
   1. Customer and market expectations
   2. Competitive Differentiation
   3. Risk Landscape
   4. Legal Obligation
Answer : 1,2,3,4
29. State the correct statement.
Answer : Estimation of Software Security related Budget and
Efforts is a key parameter in delivering secure software
30. We can allow client-side scripts to execute in the browsers
for needed operations. (SSA E1)
Answer : True
Course name : SSA E1 Administrator Assessment Answers | Course id 66767 | Questions (31-40)
31. When recording customer telephone calls, which one of these
statements is False?
Answer : Organizations must inform the individual that the call
may be recorded but not the purpose for which the information will be used.
32. If a non-admin can access the admin page, this is due to an issue in
Answer : Authorization
33. Phishing is essentially another form of:
Answer : Social engineering
34. What are remedies to secure against components using known
vulnerabilities?
Answer : All of the above
35. Development, QA, and production environments should all be
configured identically, with ____ credentials used in each environment.
Answer : Different
36. The more you can approach an incident response process as a
business process – from every angle, and with every audience
Answer : the more successful you will be
37. The code segment that misuses its environment is called
Answer : trojan horse
38. Which of the following can be best described as spoofing?
Answer : Pretending to be someone or something else
39. PII does not include information that is collected anonymously.
Answer : True
40. Which of the following is used to retain confidentiality in a software?
Answer : Encryption