SSA E1 Developer Assessment Answers (TCS) | Course ID 67033 | TCS Courses | Certifications | Questions & Answers
SSA E1 Developer Assessment Latest Questions 2024
1 What is the purpose of Audit Trail and Logging?
Ans: All of the above
2 Which one is not a part of the Microsoft STRIDE method for rating risk while creating a threat model for an application?
Ans: Security.
3 The process by which different equivalent forms of a name can be
Ans: Canonicalization
4 Stream Cipher is an example of
Ans: Symmetric Key Cryptography
5 Diffie-Hellman algorithm is used for?
Ans: Asymmetric Encryption
6 What does a Cross Site Scripting vulnerability allow an attacker to do?
Ans: Execute a malicious script on the Web server
7 The use of proper security techniques can:
Ans: Minimize the threat of attackers
8 An attacker attempts a denial-of-service attack by including a potentially endless file. This can happen due to?
Ans: XML External Entities (XXE)
9 Which among the following is not a step in the Threat Modeling process?
Ans: Identify Security Objectives
10 Confidentiality deals with agreement while privacy deals with sensitivity.
Ans: True
11 To prevent against Insufficient Logging & Monitoring we should:
Ans: All of the above
12 What flaw can lead to exposure of resources or functionality to unintended actors?
Ans: Improper Authentication
13 Digital signature of a person varies from document to document. State True or False.
Ans: True
14 How can an attacker use the information gained from an SQL debug message from an application to cause harm to it?
Ans: Can potentially understand the query's structure and then script attack vectors
15 It is easy to develop secure sessions with sufficient entropy.
Ans: False
16 Which of the following options is not an appropriate way to make an authentication mechanism secure?
Ans: Provide default access
17 Buffer Overflow threat can be identified using threat modeling. State True or False.
Ans: True
18 The application or API stores unsanitized user input that is viewed at a later time by another user. Which type of XSS is it?
Ans: Stored XSS
19 Defining the Role Matrix "Role > Functionality > Data" is a part of which phase of SSA?
Ans: Architecture/Design Security Analysis & Review
20 Argon2, scrypt, bcrypt, or PBKDF2: what are these used for?
Ans: Password Hashing
21 How can a confidential message be securely distributed?
Ans: Encrypting the message with the receiver's public key
22 Team must monitor for libraries and components that are unmaintained or do not create security patches.
Ans: True
23 What does the associate need to know as part of the Software Security Education?
Ans: All of the above
24 The acronym CVSS in threat modelling stands for?
Ans: Common Vulnerability Scoring System
25 Thresholds for stable code as per Cyclomatic complexity
Ans: 0-10
26 Identify the incorrect statement from the following:
Ans: None of the Above
27 Message Authentication Code (MAC) uses
Ans: Symmetric Key
28 Which vulnerability can lead to a Denial-of-Service attack?
Ans: Cross site scripting
29 Infrastructure VA is part of which phase of TCS SSA?
Ans: Deployment/Release Security Review
30 Which of the following is used to prevent Clickjacking?
Ans: X-Frame-Options HTTP header
31 One of the main disadvantages of integrating cryptography into an application is:
Ans: Possible denial of service if the keys are corrupted
32 Which amongst the following data validation strategy models listed below is the weakest one?
Ans: All of the above
33 How are "SSO" and "Identity Management" (JDM) related to each other?
Ans: B&C
34 The following can be classified as which kind of threat as per the Microsoft STRIDE threat classification model? Modifying on disk or DVD or a packet as it traverses the LAN
Ans: Tampering
35 What are the popular threat modeling techniques? a) Entry point identification b) privilege
Ans: All the above
36 In a typical SSO solution, what is a "Service Provider"?
Ans: A&C
37 Error handling reveals stack traces or other overly informative error messages to users. Will this be categorized under Security Misconfiguration?
Ans: True
38 Which of the following is the least secure method of authentication?
Ans: Password
39 Which of the following are threats of cross site scripting on the authentication page?
Ans: All of these
40 Which of the following is faster in Encryption?
Ans: Symmetric Encryption
41 What from the following verifies correctness, completeness and robustness of there de
Ans: Security Testing
42 CAPTCHA stands for which of the following:
Ans: Completely Automated Public Turing test to tell Computers and Humans Apart
43 Block Cipher is an example of
Ans: Symmetric Key Cryptography
44 Which of the following activities are related to Application Security?
Ans: All of the above
45 Files temporarily created by applications can expose confidential data if
Ans: File permissions are not set appropriately
46 The first step in Threat Modeling is to
Ans: Identify Threats
47 Which of the following is used to retain integrity in a software?
Ans: Redundancy
48 JWT stands for?
Ans: JSON Web Tokens
49 If you have a set of SSO-enabled applications which are accessible via a variety of smartphones, tablets and other mit "mobile" devices, you have to now deal with a relatively higher security risk associated with SSO as compared to the times when those applications were accessible ONLY via laptops or desktops. State True or False.
Ans: True
50 Input validations must be based on
Ans: Whitelisting
51 What is the type of flaw that occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?
Ans: Injection
52 What from the following are part of Security Incident Response?
Ans: Communicating about the incident to the customer(s), Identify Compromised System/Software/Application, Faxing
53 What is Single Sign-On (SSO)?
Ans: A mechanism that enables a user to sign-in/login/authenticate to an application/system with his condemnonym seamlessly access other applications/systems available in the same domain of trust (e.g. intranet portal of a special sit the need to re-login with the credentials again.
54 The below code is an example of which attack?
http://application/jsp/HomePage.jsp?sessionid=12345&User=
Ans: Cross Site Scripting
55 Which of the following types of testing is carried out based on the threat mitigation plan generated during threat modeling?
Ans: Penetration Testing
56 The first step in Threat Modeling is to
Ans: Identify Threats
57 What is not a best practice for password policy?
Ans: Never change password
58 Which mechanism will make sure that data transmission is secure?
Ans: HTTPS + Encrypting sensitive data
59 Which of the following is a digital signature algorithm?
Ans: RSA-based signature schemes
This SSA E1 Developer Assessment (TCS) article contains 60 questions which can help you clear the course in no time. Please let us know if you have any suggestions for us.