CCT CCT Application Security & Secure Coding

Question 1

Which OWASP Top 10 vulnerability occurs when untrusted data is sent to an interpreter as part of a command or query?

Accepted Answer

Injection

Answer

Broken Authentication

Answer

Security Misconfiguration

Answer

Insecure Deserialization

Question 2

What is the primary purpose of input validation in secure application development?

Accepted Answer

Prevent malicious data from being processed

Answer

Improve application performance

Answer

Encrypt user data at rest

Answer

Log all user activities

Question 3

Which secure coding practice prevents Cross-Site Scripting (XSS) attacks?

Accepted Answer

Output encoding and input sanitization

Answer

Using HTTPS for all connections

Answer

Implementing multi-factor authentication

Answer

Encrypting session tokens

Question 4

What does a Content Security Policy (CSP) header primarily protect against?

Accepted Answer

Cross-Site Scripting (XSS)

Answer

SQL injection attacks

Answer

Cross-Site Request Forgery (CSRF)

Answer

Man-in-the-Middle attacks

Question 5

In secure software development, what is the principle of 'least privilege' as applied to application accounts?

Accepted Answer

Applications should have only the minimum permissions needed to function

Answer

Applications should run as root for full access

Answer

All users should share the same application credentials

Answer

Privilege escalation should be enabled for all services

Question 6

What is a parameterized query (prepared statement) used to prevent?

Accepted Answer

SQL injection attacks

Answer

Buffer overflow attacks

Answer

Denial-of-service attacks

Answer

Privilege escalation