SSA E1 Tester Assessment Answers 67031 - TCS

Author: neptune | 08th-Aug-2025

This article contains key questions and verified answers from the SSA E1 Tester Assessment (67031) conducted by TCS (Tata Consultancy Services). Use this guide to prepare, revise, and assess your understanding of software security assurance principles.


1. Software is considered "secure" when:

Answer: It does what it is expected to and does not do what it is not expected to


2. The team must monitor for libraries and components that are unmaintained or that no longer publish security patches for older versions.

Answer: True



3. Software Security Assurance can be achieved if the efforts, activities and controls are implemented and verified for establishing Confidentiality, Integrity, Availability & Accountability.

Answer: True


4. What remains the same in both internal and external testing?

Answer: The target



5. Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?

Answer: Cross-site scripting


6. Role-based access control helps prevent which OWASP Top 10 weakness?

Answer: Broken Access Control



7. What does PII stand for?

Answer: Personally Identifiable Information


8. The password database uses unsalted or simple hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password database. This can lead to?

Answer: Sensitive Data Exposure
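The scenario in question 8 is worth seeing concretely. The following is an added example (not part of the assessment or the original article) with a constructed three-user password table: it shows why a stolen database of unsalted SHA-256 hashes is immediately useful to an attacker (identical passwords produce identical hashes, and one precomputed wordlist cracks every user at once), and contrasts it with a salted, iterated PBKDF2 record. The `USERS` table, the wordlist and the storage format are illustrative assumptions.

```python
import hashlib
import secrets
from typing import Callable, Dict, List, Optional

# Constructed sample "password database": two users happen to share a password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "correct horse battery"}

def unsalted_hash(password: str) -> str:
    """Weak scheme from the question: one fast SHA-256 over the password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Hardened scheme: a random per-user salt and PBKDF2-HMAC-SHA256 with a high
    iteration count. Stored as 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (an
    assumed format) so the verifier can recover the parameters from the record."""
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iters, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return secrets.compare_digest(dk.hex(), dk_hex)

def build_db(hasher: Callable[[str], str]) -> Dict[str, str]:
    """Hash every user's password with the given scheme (simulates the stored table)."""
    return {user: hasher(pw) for user, pw in USERS.items()}

def crack_unsalted(db: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """What the attacker does with the stolen unsalted database: hash each wordlist
    entry once and match it against every user simultaneously (a precomputed table)."""
    table = {unsalted_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in db.items() if h in table}

def shared_password_groups(db: Dict[str, str]) -> List[List[str]]:
    """Even before cracking, identical unsalted hashes reveal who shares a password.
    With per-user salts no such grouping is visible."""
    by_hash: Dict[str, List[str]] = {}
    for user, h in db.items():
        by_hash.setdefault(h, []).append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]
```

Running `crack_unsalted(build_db(unsalted_hash), wordlist)` against a wordlist containing "Summer2024!" recovers both alice's and bob's passwords from a single hash computation, whereas against `build_db(salted_hash)` the attacker must run the full PBKDF2 work factor separately per user and per candidate.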


9. Which of the following is used to retain integrity in software?

Answer: Hashing



10. Below assessments are part of information security:

Answer: All of the above


11. Race, ethnicity and trade union membership are:

Answer: SPI (Sensitive Personal Information) data


12. Which of the following is used to retain confidentiality in software?

Answer: Encryption



13. What are limitations of SAST?

Answer: All of them


14. Process which assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity is known as:

Answer: Profiling



15. Which of the following is a hacker's attempt to redirect traffic from a legitimate website to a completely different internet address by changing the hosts file on a victim's computer or exploiting a vulnerability on the DNS server?

Answer: Pharming


16. Impact of Injection attacks?

Answer: All of the above


17. Which of the following can lead to leakage of private data?

Answer: All of the above



18. A corporate Red Team (internal or external) is a continuous service that emulates real-world attackers for the purpose of improving the Blue Team.

Answer: True


19. Organizations should protect personal information by which of the following methods?

Answer: All of the above


20. Saves time and resources, but is not accurate or professional

Answer: Automated pentesting


21. Information gathering can have following?

Answer: All of the above



22. Financial data protection falls under which of the privacy standards?

Answer: PCI DSS


23. In ____ reconnaissance, an intruder engages directly with the targeted system to gather information about vulnerabilities.

Answer: Active


24. It is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations prioritized.

Answer: Vulnerability Assessment

Note that this wording is the standard definition of threat modeling, which enumerates potential threats against a design; a vulnerability assessment, by contrast, scans an existing system for known weaknesses (compare question 29). Expect either term in the options and read them carefully.



25. Which of the following best describes how to sign a document using a digital signature?

Answer: Create a hash of the document and encrypt the resulting hash using the signer's private key
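The answer to question 25 is the textbook description of an RSA signature. The block below is an added example (not from the assessment or the article) that carries the two steps through in plain Python: hash the document, then raise the digest to the private exponent. The key is a toy built from two public Mersenne primes and is assumed purely for illustration; real systems use keys of at least 2048 bits together with a padding scheme such as RSA-PSS (or a non-RSA scheme such as Ed25519), and never reduce a digest modulo n as done here.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (2^127-1 and 2^107-1). These are
# public constants and far too small for real use: the key exists only to show
# the hash-then-sign flow, never sign anything real with it.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                 # public exponent
D = pow(E, -1, PHI)       # private exponent (modular inverse, Python 3.8+)

def digest_int(document: bytes) -> int:
    """Step 1: hash the document. The signature is computed over this fixed-size
    digest, not over the document itself. The reduction mod N is only needed
    because this toy modulus (~234 bits) is shorter than a SHA-256 output."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Step 2: 'encrypt' the digest with the private key: s = h^d mod n."""
    return pow(digest_int(document), d, n)

def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with the public key (e, n) recovers h' = s^e mod n and compares it
    to a fresh hash of the document they received. Any change to the document,
    or to the signature, makes the comparison fail."""
    return pow(signature, e, n) == digest_int(document)
```

Only the holder of `D` can produce a value that decrypts to the document's digest, which is why the signature gives both integrity (question 9) and non-repudiation; the signer's public key alone is enough to check it.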


26. Key attribute of audit:

Answer: To map a current state against an arbitrary standard


27. Can be performed to test how a vulnerability can be exploited

Answer: PenTesting



28. The security policy should cover details such as?

Answer: All of the above


29. A scan that checks a system for known vulnerabilities

Answer: Vulnerability Scan


30. What helps in detecting irregular behavior in production?

Answer: Continuous monitoring



31. Which one of the issues can be considered as Security misconfiguration?

Answer: All of the above


32. Development, QA, and production environments should all be configured identically, with ____ credentials used in each environment.

Answer: Different


33. JWTs should be invalidated on the server after logout.

Answer: True

Note that a JWT is self-contained and remains cryptographically valid until its exp claim passes, so simply deleting it on the client does not log the user out from the server's point of view. Invalidation requires server-side state, typically a denylist of revoked token IDs (jti) kept until the tokens expire, combined with short token lifetimes.
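To make the point in question 33 concrete, the following added example (not from the assessment or the article) implements a minimal HS256 JWT issuer and verifier with the Python standard library and adds the server-side piece a stateless token lacks: a denylist of revoked jti values consulted on every request. The secret key, claims and time values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

SECRET = b"constructed-demo-secret-do-not-reuse"   # hypothetical HS256 signing key

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()

def issue_token(sub: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Mint header.payload.signature with a random jti so the token can be revoked."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iat": int(now), "exp": int(now) + ttl_seconds,
               "jti": secrets.token_hex(8)}
    signing_input = f"{_b64url(_json(header))}.{_b64url(_json(payload))}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def signature_valid(token: str) -> bool:
    """Check the HMAC and pin the algorithm to HS256 (rejects alg=none tricks)."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        provided = _b64url_decode(s)
    except (ValueError, json.JSONDecodeError):
        return False
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, provided)

def claims(token: str) -> dict:
    return json.loads(_b64url_decode(token.split(".")[1]))

class TokenStore:
    """The server-side state a purely stateless JWT lacks: revoked jti values,
    each kept only until the token it belongs to would have expired anyway."""

    def __init__(self) -> None:
        self._revoked: Dict[str, int] = {}   # jti -> exp

    def logout(self, token: str) -> None:
        c = claims(token)
        self._revoked[c["jti"]] = c["exp"]

    def purge(self, now: float) -> None:
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}

    def authenticate(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the subject if the token is authentic, unexpired and not revoked."""
        now = time.time() if now is None else now
        if not signature_valid(token):
            return None
        c = claims(token)
        if c["exp"] <= now or c["jti"] in self._revoked:
            return None
        return c["sub"]
```

After `logout`, `signature_valid` still returns True for the same token, which is exactly the problem: the signature cannot be un-signed. Only the `TokenStore` lookup turns the logout into a server-side refusal, and the store can drop an entry once the token's own `exp` has passed.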



34. Reconnaissance is often the early phase of a structured internal or external attack.

Answer: True


35. TCS SSA takes care of the threats to the systems and software from?

Answer: Both of them