SSA E1 Tester Assessment Answers 67031

This article contains key questions and verified answers from the SSA E1 Tester Assessment (67031) conducted by TCS (Tata Consultancy Services). Use this guide to prepare, revise, and assess your understanding of software security assurance principles.

1. Software is considered as "Secure" when:

Answer: It does what it is expected to and does not do what it is not expected to

2. Team must monitor for libraries and components that are unmaintained or do not create security patches for older versions

Answer: True

3. Software Security Assurance can be achieved if the efforts, activities and controls are implemented and verified for establishing Confidentiality, Integrity, Availability & Accountability.

Answer: True

4. What remains the same in both internal and external testing?

Answer: The target

5. Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?

Answer: Cross-site scripting

6. Role-Based Access control helps prevent which OWASP Top 10 weakness?

Answer: Broken Access Control

7. What does PII stand for?

Answer: Personally Identifiable Information

8. The password database uses unsalted or simple hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password database. This can lead to?

Answer: Sensitive Data Exposure

9. Which of the following is used to retain integrity in software?

Answer: Hashing

10. Below assessments are part of information security:

Answer: All of the above

11. Race, Ethnicity, Trade Union membership are

Answer: SPI data

12. Which of the following is used to retain confidentiality in software?

Answer: Encryption

13. What are limitations of SAST?

Answer: All of them

14. Process which assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity is known as:

Answer: Profiling

15. Which of the following is a hacker's attempt to redirect traffic from a legitimate website to a completely different internet address by changing the host’s file on a victim's computer or exploiting a vulnerability on the DNS server?

Answer: Pharming

16. Impact of Injection attacks?

Answer: All of the above

17. Which of the following can lead to leakage of private data?

Answer: All of the above

18. A corporate Red Team (internal or external) is a continuous service that emulates real-world attackers for the purpose of improving the Blue Team.

Answer: True

19. Organizations should protect personal information by which of the following methods?

Answer: All of the above

20. Saves time and resources, but is not accurate or professional

Answer: Automated pentesting

21. Information gathering can have following?

Answer: All of the above

22. Financial data protection falls under which of the privacy standards?

Answer: PCI DSS

23. In-Reconnaissance, an intruder engages directly with the targeted system to gather information about vulnerabilities

Answer: Active

24. It is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

Answer: Vulnerability Assessment

25. Which of the following best describes how to sign a document using a digital signature?

Answer: Create a hash of the document and encrypt the resulting hash using the signer's private key

26. Key attribute of audit:

Answer: To map a current state against an arbitrary standard

27. Can be performed to test how a vulnerability can be exploited

Answer: PenTesting

28. The security policy should cover details such as?

Answer: All of the above

29. A scan that checks a system for known vulnerabilities

Answer: Vulnerability Scan

30. What helps in detecting irregular behavior in production?

Answer: Continuous monitoring

31. Which one of the issues can be considered as Security misconfiguration?

Answer: All of the above

32. Development, QA, and production environments should all be configured identically, with each environment’s credentials used in

Answer: Different

33. JWT tokens should be invalidated on the server after logout

Answer: True

34. Reconnaissance is often the early phase of a structured internal or external attack.

Answer: True

35. TCS SSA takes care of the threats to the systems and software from?

Answer: Both of them

SSA E1 Tester Assessment Answers 67031 - TCS

Author: neptune | 08th-Aug-2025

1. Software is considered as "Secure" when:

2. Team must monitor for libraries and components that are unmaintained or do not create security patches for older versions

3. Software Security Assurance can be achieved if the efforts, activities and controls are implemented and verified for establishing Confidentiality, Integrity, Availability & Accountability.

4. What remains the same in both internal and external testing?

5. Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?

6. Role-Based Access control helps prevent which OWASP Top 10 weakness?

7. What does PII stand for?

8. The password database uses unsalted or simple hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password database. This can lead to?

9. Which of the following is used to retain integrity in software?

10. Below assessments are part of information security:

11. Race, Ethnicity, Trade Union membership are

12. Which of the following is used to retain confidentiality in software?

13. What are limitations of SAST?

14. Process which assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity is known as:

15. Which of the following is a hacker's attempt to redirect traffic from a legitimate website to a completely different internet address by changing the host’s file on a victim's computer or exploiting a vulnerability on the DNS server?

16. Impact of Injection attacks?

17. Which of the following can lead to leakage of private data?

18. A corporate Red Team (internal or external) is a continuous service that emulates real-world attackers for the purpose of improving the Blue Team.

19. Organizations should protect personal information by which of the following methods?

20. Saves time and resources, but is not accurate or professional

21. Information gathering can have following?

22. Financial data protection falls under which of the privacy standards?

23. In-Reconnaissance, an intruder engages directly with the targeted system to gather information about vulnerabilities

24. It is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

25. Which of the following best describes how to sign a document using a digital signature?

26. Key attribute of audit:

27. Can be performed to test how a vulnerability can be exploited

28. The security policy should cover details such as?

29. A scan that checks a system for known vulnerabilities

30. What helps in detecting irregular behavior in production?

31. Which one of the issues can be considered as Security misconfiguration?

32. Development, QA, and production environments should all be configured identically, with each environment’s credentials used in

33. JWT tokens should be invalidated on the server after logout

34. Reconnaissance is often the early phase of a structured internal or external attack.

35. TCS SSA takes care of the threats to the systems and software from?