TCS SSA E1 Developer Assessment Quiz Solution

Q1. In context of SSO, claims refers to:

Select the correct options.
a. information about the Identity, generally presented as key-value pairs 

b. Relationship between Service Provider (SP) & Identity Provider (IdP) 

c.Relationship between Identity & Identity Provider 

d. None of the Above

Answer: a. Information about the Identity, generally presented as key-value pairs.

Explanation: So, the correct option is the first one. Claims are the pieces of information about the user's identity that are transferred from the Identity Provider (IdP) to the Service Provider (SP) during the SSO process.

Q2. Which of the following is a disadvantage of single sign-on? Select the correct options

a. Consistent time-out enforcement across platforms

b. A compromised password which exposes all authorized resources

c. Use of multiple passwords

d. Password change control

Answer: A compromised password which exposes all authorized resources.

Explanation: SSO can be riskier in terms of security because if a user's SSO credentials are compromised, it can potentially provide unauthorized access to multiple resources or services. The other options mentioned are not typically disadvantages of SSO.

Q3. Which of the following is not a cryptographic hash function?
a. RIPEMD 

b. SHA-1

c. Blowfish

d.MD5

Answer: c. Blowfish

Explanation: Blowfish is not a cryptographic hash function. Blowfish is a symmetric-key block cipher, not a hash function. The other options (RIPEMD, SHA-1, and MD5) are cryptographic hash functions.

Q4. Which amongst the following data validation strategy models listed below is the weakest one ?
a. Exact Match (Constrain)

b. Encode Known bad (Sanitize)

c. Known Good (Accept)

d. Reject Known bad (Reject)

e. All of the above

Answer: b. Encode Known bad (Sanitize)

Explanation: This strategy attempts to encode or modify known bad data to make it safe, but it may not catch all possible malicious inputs, making it weaker compared to the other options that explicitly focus on matching, accepting, or rejecting data based on known criteria.

Q5. Stream Cipher is an example of?
a. Symmetric Key Cryptography

b. Asymmetric Key Cryptography

c. Hashing Function

d.None of the above

Answer: a. Symmetric Key Cryptography

Explanation: A Stream Cipher is an example of Symmetric Key Cryptography. Stream ciphers use a single key to encrypt and decrypt data, and this key is shared between the sender and receiver, making it a form of symmetric cryptography.

Q6. Which of the following is the least secure method of authentication?
a. Keycard

b. Fingerprint

c. Retina

d.Password

Answer: d.Password

Explanation: Among the options provided, a password is generally considered the least secure method of authentication. Passwords can be relatively easier to guess, crack, or steal compared to biometric methods like fingerprint or retina scans, and they can be vulnerable to various attacks such as brute force, dictionary attacks, and credential stuffing. Biometric methods like fingerprint and retina scans are typically more secure because they are based on unique physical characteristics of an individual. Keycards can vary in security depending on how they are implemented and managed.

Q7. Buffer Overflow threat can be identified using threat modeling. State True or False? 
a. True

b. False

c. Not Relevant

d. Depends on application

Answer: a.True

Explanation: Buffer overflow threats can indeed be identified and mitigated through threat modeling. Threat modeling is a systematic approach to identifying and evaluating potential security threats and vulnerabilities in an application or system. Buffer overflow vulnerabilities can be detected and addressed during this process by analyzing the application's design and code to identify areas where improper handling of data inputs could lead to buffer overflow issues.

Q8. Which of the following is a security advantage of managed code over unmanaged code?
a. Size of the attack surface

b. Number of roles

c. Number of lines of code

d. Size of the chroot jail

e. No advantage

Answer: a. Size of the attack surface

Explanation: Managed code typically has a smaller attack surface compared to unmanaged code because it provides memory management and security features, such as type safety and bounds checking, which can help mitigate common vulnerabilities like buffer overflows. This reduces the potential entry points for attackers to exploit.

Q9. Line of Code metrics include commented out code and spaces?
a. True

b. False

Answer: a. False

Explanation: Line of Code (LOC) metrics typically do not include commented out code and spaces. LOC metrics usually count only the lines of code that contain actual executable statements, excluding comments and whitespace. This is because comments and whitespace do not contribute to the functionality of the code and are not considered part of the codebase when measuring metrics like LOC.

Q10. What from the following verifies correctness, completeness and robustness of the design?
a. Secure Design

b. Security Requirements

c. Security Testing

d. Security Sign Off

Answer: c. Security Testing

Explanation: Security Testing verifies correctness, completeness, and robustness of the design. Security testing involves evaluating the design and implementation of a system or application to ensure it meets security requirements, is free from vulnerabilities, and functions as intended. This process helps verify the correctness, completeness, and robustness of the security measures in place.