SSA E1 Tester Assessment Answers 67031 - TCS

Author: neptune | 08th-Aug-2025

This article contains key questions and verified answers from the SSA E1 Tester Assessment (67031) conducted by TCS (Tata Consultancy Services). Use this guide to prepare, revise, and assess your understanding of software security assurance principles.


1. Software is considered as "Secure" when:

Answer: It does what it is expected to and does not do what it is not expected to


2. Team must monitor for libraries and components that are unmaintained or do not create security patches for older versions

Answer: True



3. Software Security Assurance can be achieved if the efforts, activities and controls are implemented and verified for establishing Confidentiality, Integrity, Availability & Accountability.

Answer: True


4. What remains the same in both internal and external testing?

Answer: The target



5. Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?

Answer: Cross-site scripting


6. Role-Based Access control helps prevent which OWASP Top 10 weakness?

Answer: Broken Access Control



7. What does PII stand for?

Answer: Personally Identifiable Information


8. The password database uses unsalted or simple hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password database. This can lead to?

Answer: Sensitive Data Exposure


9. Which of the following is used to retain integrity in software?

Answer: Hashing



10. The assessments below are part of information security:

Answer: All of the above


11. Race, Ethnicity, Trade Union membership are

Answer: SPI data


12. Which of the following is used to retain confidentiality in software?

Answer: Encryption



13. What are limitations of SAST?

Answer: All of them


14. Process which assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity is known as:

Answer: Profiling



15. Which of the following is a hacker's attempt to redirect traffic from a legitimate website to a completely different internet address by changing the host’s file on a victim's computer or exploiting a vulnerability on the DNS server?

Answer: Pharming


16. Impact of Injection attacks?

Answer: All of the above


17. Which of the following can lead to leakage of private data?

Answer: All of the above



18. A corporate Red Team (internal or external) is a continuous service that emulates real-world attackers for the purpose of improving the Blue Team.

Answer: True


19. Organizations should protect personal information by which of the following methods?

Answer: All of the above


20. Saves time and resources, but is not accurate or professional

Answer: Automated pentesting


21. Information gathering can have the following?

Answer: All of the above



22. Financial data protection falls under which of the privacy standards?

Answer: PCI DSS


23. In ______ reconnaissance, an intruder engages directly with the targeted system to gather information about vulnerabilities

Answer: Active


24. It is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

Answer: Vulnerability Assessment



25. Which of the following best describes how to sign a document using a digital signature?

Answer: Create a hash of the document and encrypt the resulting hash using the signer's private key


26. Key attribute of audit:

Answer: To map a current state against an arbitrary standard


27. Can be performed to test how a vulnerability can be exploited

Answer: PenTesting



28. The security policy should cover details such as?

Answer: All of the above


29. A scan that checks a system for known vulnerabilities

Answer: Vulnerability Scan


30. What helps in detecting irregular behavior in production?

Answer: Continuous monitoring



31. Which one of the issues can be considered as Security misconfiguration?

Answer: All of the above


32. Development, QA, and production environments should all be configured identically, with each environment’s credentials used in

Answer: Different


33. JWT tokens should be invalidated on the server after logout

Answer: True



34. Reconnaissance is often the early phase of a structured internal or external attack.

Answer: True


35. TCS SSA takes care of the threats to the systems and software from?

Answer: Both of them


