SSA E1 Developer Quiz solution
Author: neptune | 11th-Feb-2024
Q1. In context of SSO, claims refers to:
Select the correct options.
a. information about the Identity, generally presented as key-value pairs
b. Relationship between Service Provider (SP) & Identity Provider (IdP)
c.Relationship between Identity & Identity Provider
d. None of the Above
Answer: a. Information about the Identity, generally presented as key-value pairs.
Explanation: So, the correct option is the first one. Claims are the pieces of information about the user's identity that are transferred from the Identity Provider (IdP) to the Service Provider (SP) during the SSO process.
Q2. Which of the following is a disadvantage of single sign-on? Select the correct options
a. Consistent time-out enforcement across platforms
b. A compromised password which exposes all authorized resources
c. Use of multiple passwords
d. Password change control
Answer: A compromised password which exposes all authorized resources.
Explanation: SSO can be riskier in terms of security because if a user's SSO credentials are compromised, it can potentially provide unauthorized access to multiple resources or services. The other options mentioned are not typically disadvantages of SSO.
Q3. Which of the following is not a cryptographic hash function?
a. RIPEMD
b. SHA-1
c. Blowfish
d.MD5
Answer: c. Blowfish
Explanation: Blowfish is not a cryptographic hash function. Blowfish is a symmetric-key block cipher, not a hash function. The other options (RIPEMD, SHA-1, and MD5) are cryptographic hash functions.
Q4. Which amongst the following data validation strategy models listed below is the weakest one ?
a. Exact Match (Constrain)
b. Encode Known bad (Sanitize)
c. Known Good (Accept)
d. Reject Known bad (Reject)
e. All of the above
Answer: b. Encode Known bad (Sanitize)
Explanation: This strategy attempts to encode or modify known bad data to make it safe, but it may not catch all possible malicious inputs, making it weaker compared to the other options that explicitly focus on matching, accepting, or rejecting data based on known criteria.
Q5. Stream Cipher is an example of?
a. Symmetric Key Cryptography
b. Asymmetric Key Cryptography
c. Hashing Function
d.None of the above
Answer: a. Symmetric Key Cryptography
Explanation: A Stream Cipher is an example of Symmetric Key Cryptography. Stream ciphers use a single key to encrypt and decrypt data, and this key is shared between the sender and receiver, making it a form of symmetric cryptography.
Q6. Which of the following is the least secure method of authentication?
a. Keycard
b. Fingerprint
c. Retina
d.Password
Answer: d.Password
Explanation: Among the options provided, a password is generally considered the least secure method of authentication. Passwords can be relatively easier to guess, crack, or steal compared to biometric methods like fingerprint or retina scans, and they can be vulnerable to various attacks such as brute force, dictionary attacks, and credential stuffing. Biometric methods like fingerprint and retina scans are typically more secure because they are based on unique physical characteristics of an individual. Keycards can vary in security depending on how they are implemented and managed.
Q7. Buffer Overflow threat can be identified using threat modeling. State True or False?
a. True
b. False
c. Not Relevant
d. Depends on application
Answer: a.True
Explanation: Buffer overflow threats can indeed be identified and mitigated through threat modeling. Threat modeling is a systematic approach to identifying and evaluating potential security threats and vulnerabilities in an application or system. Buffer overflow vulnerabilities can be detected and addressed during this process by analyzing the application's design and code to identify areas where improper handling of data inputs could lead to buffer overflow issues.
Q8. Which of the following is a security advantage of managed code over unmanaged code?
a. Size of the attack surface
b. Number of roles
c. Number of lines of code
d. Size of the chroot jail
e. No advantage
Answer: a. Size of the attack surface
Explanation: Managed code typically has a smaller attack surface compared to unmanaged code because it provides memory management and security features, such as type safety and bounds checking, which can help mitigate common vulnerabilities like buffer overflows. This reduces the potential entry points for attackers to exploit.
Q9. Line of Code metrics include commented out code and spaces?
a. True
b. False
Answer: a. False
Explanation: Line of Code (LOC) metrics typically do not include commented out code and spaces. LOC metrics usually count only the lines of code that contain actual executable statements, excluding comments and whitespace. This is because comments and whitespace do not contribute to the functionality of the code and are not considered part of the codebase when measuring metrics like LOC.
Q10. What from the following verifies correctness, completeness and robustness of the design?
a. Secure Design
b. Security Requirements
c. Security Testing
d. Security Sign Off
Answer: c. Security Testing
Explanation: Security Testing verifies correctness, completeness, and robustness of the design. Security testing involves evaluating the design and implementation of a system or application to ensure it meets security requirements, is free from vulnerabilities, and functions as intended. This process helps verify the correctness, completeness, and robustness of the security measures in place.
#JavaScript #Hackerrank #Python #Motivation #AI #React.js #Testing #Interview #SQL #Selenium #LeetCode #Problem Solving #Machine learning #Java #GPT #AWS #API #IT #Algorithms #Github #Jobs #Microservice #Certifications #Projects #Google #Django #Story #Pip #Data Science #Postman #Health #Twitter #Elon Musk #Node.js
Generative AI Made Easy: Explore Top 7 AWS CoursesAuthor: neptune | 05th-Aug-2023
#AI #AWS #Certifications
These top 7 Generative AI courses by AWS offer a pathway to explore and master the fascinating world of Generative AI...
Roadmap to AWS Certified Solutions Architect – Associate (SAA-C03)Author: neptune | 04th-Jul-2023
#AWS #Certifications
As technology continues to evolve, the demand for skilled professionals in cloud computing and architecture has seen significant growth...
AWS Certified Developer – Associate | RoadmapAuthor: neptune | 26th-Jul-2023
#AWS #Certifications
The AWS Certified Developer – Associate (DVA-C01) exam is intended for individuals who perform a developer role...
View More