Secure Programming Practices - Quiz

  • A. Identifying all possible erroneous inputs, and managing how an application responds to them.
  • B. Commercial runtime environments that contain tools to record debugging information from memory at the time of the exception, to provide 'root-cause' analysis information later.
  • C. During application execution, if certain special conditions are met, a specific subroutine 'exception handler' is called.
  • D. All the above options

  • A. Number of roles
  • B. Number of lines of code
  • C. Size of the attack surface
  • D. Size of the chroot jail

  • A. User Access Control
  • B. Mandatory Access Control
  • C. Role-based Access Control
  • D. Discretionary Access Control

  • A. A) Security is a technical problem and is the responsibility of the security manager.
  • B. B) Customer trust, reputation, financial, compliance, and privacy are the major reasons to implement a software security program.
  • C. C) To secure online data, build secure software. D) All the above options
  • D. E) A and B

  • A. Business workflow
  • B. Role-based access
  • C. Authorization on each request
  • D. All the above options

  • A. Write only certain areas using tokens
  • B. Read certain memory areas using the %s token
  • C. Read and write to memory at will
  • D. All the above options

  • A. A) Enabling all compiler warnings, and paying attention to these warnings
  • B. B) Writing code for large projects. F) None of the above options D) Adding debug traces to code.
  • C. C) Checking all pointers against null (0) values before using them.
  • D. E) A) and C)

  • A. Filtering data with a default deny regular expression
  • B. Client-side data validation
  • C. Using parameterized queries to access a database
  • D. Running the application with least privileges