CSLLP Secure Software Implementation 2

Question 1

Which HTTP header prevents a web page from being embedded in an iframe on another domain, protecting against clickjacking?

Accepted Answer

X-Frame-Options

Answer

Content-Security-Policy

Answer

Strict-Transport-Security

Answer

X-Content-Type-Options

Question 2

What is a race condition vulnerability in software?

Accepted Answer

A flaw where the security outcome depends on the uncontrolled timing or ordering of concurrent events

Answer

A performance bug caused by excessive memory allocation

Answer

A network timeout that exposes sensitive data

Answer

A deadlock in multi-threaded applications

Question 3

Which secure coding technique prevents integer overflow vulnerabilities?

Accepted Answer

Validating arithmetic operations and using safe integer libraries that check for overflow

Answer

Using unsigned integers for all calculations

Answer

Avoiding the use of integers in security-sensitive calculations

Answer

Converting all integers to floating-point numbers

Question 4

What is the OWASP-recommended approach for protecting sensitive data in web applications?

Accepted Answer

Classify data, apply encryption at rest and in transit, and minimize retention of sensitive data

Answer

Store all sensitive data in client-side cookies with HttpOnly flag

Answer

Use Base64 encoding for all sensitive fields in the database

Answer

Restrict sensitive data access to administrators only

Question 5

Which practice helps prevent insecure deserialization vulnerabilities?

Accepted Answer

Validate and sanitize serialized data, use integrity checks, and avoid deserializing data from untrusted sources

Answer

Always use JSON instead of XML

Answer

Compress data before serializing it

Answer

Use only stateless authentication mechanisms

Question 6

What is the purpose of a software bill of materials (SBOM) in secure software development?

Accepted Answer

To provide a comprehensive inventory of all components, libraries, and dependencies in a software product

Answer

To track developer hours spent on security features

Answer

To document all known vulnerabilities in the codebase

Answer

To specify hardware requirements for running the software