SSA E1 Tester Assessment 67031 Questions
1Q: Software is considered “secure” when:
a) It does exactly what it is expected to
b) It does not do what it is not expected to
c) It does what it is expected to and does not do what it is not expected to
d) It can not be defined
Answer: It does what it is expected to and does not do what it is not expected to
2Q: Teams must monitor for libraries and components that are unmaintained or do not create security patches for older versions.
a) True
b) False
Answer: True
3Q: A potential occurrence, malicious or otherwise, that might damage or compromise assets.
a) Threat
b) Asset
c) Vulnerability
d) Countermeasure/Control
Answer: Threat
4Q: State True or False: Software Security Assurance can be achieved if the efforts, activities and controls are implemented and verified for establishing Confidentiality, Integrity, Availability & Accountability.
a) True
b) False
Answer: True
5Q: What remains the same in both internal and external testing?
a) The target
b) The attacker
Answer: The target
6Q: Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?
a) SQL Injection
b) Cross site scripting
c) Man-in-the-middle
d) Malware Uploading
Answer: Cross site scripting
7Q: Role-Based Access control helps prevent which OWASP Top 10 weakness?
a) Broken Access Control
b) Unvalidated Redirect or Forward
c) Security Misconfiguration
d) Insufficient Transport Layer Protection
Answer: Broken Access Control
8Q: What does PII stand for?
a) Private Identity Information
b) Private Image Information
c) Personally Identifiable Information
d) None of the above
Answer: Personally Identifiable Information
9Q: The password database uses unsalted or simple hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password database. This can lead to:
a) Denial of access
b) Sensitive Data Exposure
c) Session Hijacking
d) Cross Site Request Forgery
Answer: Sensitive Data Exposure
10Q: Which of the following is used to retain integrity in a software?
a) Encryption
b) Hashing
c) Recovery
d) Redundancy
Answer: Hashing
11Q: Which of the following assessments are part of information security?
a) Threat assessment
b) Threat modeling
c) Bug bounty
d) All of the above
e) None of the above
Answer: All of the above
12Q: Race, ethnicity, and trade union membership are:
a) PII data
b) SPI data
c) not part of privacy data
Answer: SPI data
13Q: Which of the following is used to retain confidentiality in a software?
a) Encryption
b) Hashing
c) Redundancy
d) None of the above
Answer: Encryption
14Q: What are the limitations of SAST?
a) Requires access to source code
b) Large number of false positives
c) Not effective to detect configuration related issues
d) All of them
Answer: All of them
15Q: Process which assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity is known as:
a) Profiling
b) Tracking
c) Investigating
d) All of the above
e) Option 1 & 2 only
Answer: Profiling
16Q: Which of the following is a hacker’s attempt to redirect traffic from a legitimate website to a completely different internet address by changing the host’s file on a victim’s computer or by exploiting a vulnerability on the DNS server?
a) Harvesting
b) Phishing
c) Pharming
d) All of the above
e) None of the above
Answer: Pharming
17Q: What is the impact of injection attacks?
a) Data Loss
b) Denial of access
c) Disclosure
d) All of the above
Answer: All of the above
18Q: Which of the following can lead to leakage of private data?
a) Cookies
b) Cache history
c) Email spams and attachments
d) All of the above
e) None of the above
Answer: All of the above
19Q: A corporate Red Team (internal or external) is a continuous service that emulates real-world attackers for the purpose of improving the Blue Team.
a) True
b) False
Answer: True
20Q: Organizations should protect personal information by which of the following methods:
a) Physical measures, for example, locked filing cabinets and restricted access to offices.
b) Organizational measures, for example, security clearances and limiting access on a “need-to-know” basis.
c) Technological measures, for example, the use of passwords and encryption.
d) All of the above
e) None of the above
Answer: All of the above
21Q: ____ saves time and resources, but is not accurate or professional.
a) Automated pentesting
b) Manual testing
c) Both
d) None of the above
Answer: Automated pentesting
22Q: What happens when an application takes user-inserted data and sends it to a web browser without proper validation and escaping?
a) SQL Injection
b) Security Misconfiguration
c) Cross site scripting
d) Unvalidated Redirects and Forwards
Answer: Cross site scripting
23Q: Information gathering can involve which of the following?
a) port scanners
b) packet sniffers
c) Snooping methods
d) All of the above
e) None of the above
Answer: All of the above
24Q: Financial data protection falls under which of the following privacy laws?
a) GDPR
b) PCI DSS
c) CCPA
d) HIPAA
Answer: PCI DSS
25Q: In ____ reconnaissance an intruder engages directly with the targeted system to gather information about vulnerabilities.
a) Active
b) Passive
c) Both
d) None of the above
Answer: Active
26Q: ____ is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be prioritized.
a) Vulnerability Assessment
b) Penetration Testing
c) Threat Modeling
d) Risk Assessment
Answer: Vulnerability Assessment
27Q: Which of the following best describes how to sign a document using a digital signature?
a) Create a hash of the document and encrypt the resulting hash using the signer’s private key
b) Encrypt the document using the signer’s private key
c) Encrypt the document using the signer’s private key and create a hash of the encrypted document
d) Encrypt the document using the signer’s public key
Answer: Create a hash of the document and encrypt the resulting hash using the signer’s private key
28Q: Key attribute of audit:
a) To map a current state against an arbitrary standard.
b) To find vulnerabilities and fix them
c) Both
d) None of the above
Answer: To map a current state against an arbitrary standard.
29Q: ____ can be performed to test how a vulnerability can be exploited.
a) PenTesting
b) Vulnerability assessment
c) Threat Modeling
d) None of the above
Answer: PenTesting
30Q: The security policy should cover details such as:
a) security strategies
b) password management policies
c) data backup plans
d) security update/patch timelines
e) All of the above
f) None of the above
Answer: All of the above
31Q: A scan that checks a system for known vulnerabilities.
a) Vulnerability
b) Availability
c) Security Triad
d) Vulnerability Scan
Answer: Vulnerability Scan
32Q: What helps in detecting irregular behavior in production?
a) Continuous monitoring
b) Continuous Deployment
c) Both
d) None
Answer: Continuous monitoring
33Q: Which of the following issues can be considered a security misconfiguration?
a) Error Handling
b) Directory Listing
c) Broken Access Control
d) All of the above
Answer: All of the above
34Q: Development, QA, and production environments should all be configured identically, with ____ credentials used in each environment.
a) Similar
b) Different
Answer: Different
35Q: JWT tokens should be invalidated on the server after logout.
a) True
b) False
Answer: True
36Q: Reconnaissance is often the early phase of a structured internal or external attack.
a) True
b) False
Answer: True
37Q: TCS SSA addresses threats to systems and software from:
a) Insiders
b) Outsiders
c) Both of them
d) None of the above
Answer: Both of them