CSLLP Secure Software Implementation

Question 1

Which coding practice prevents cross-site scripting (XSS) attacks by transforming special HTML characters into their safe equivalents?

Accepted Answer

Output encoding

Answer

Input sanitization

Answer

Input validation

Answer

Parameterized queries

Question 2

What is the purpose of a code review focused on security in the SDLC?

Accepted Answer

To identify security vulnerabilities in source code before deployment

Answer

To measure developer productivity

Answer

To verify that code meets performance benchmarks

Answer

To ensure coding style guidelines are followed

Question 3

Which type of analysis tool automatically scans source code for security vulnerabilities without executing the program?

Accepted Answer

Static application security testing (SAST)

Answer

Dynamic application security testing (DAST)

Answer

Interactive application security testing (IAST)

Answer

Runtime application self-protection (RASP)

Question 4

What is the risk of using hard-coded credentials in source code?

Accepted Answer

Credentials can be extracted from code repositories or binaries, granting unauthorized access

Answer

It slows down application startup

Answer

It prevents the application from scaling horizontally

Answer

It causes incompatibility with modern authentication protocols

Question 5

Which practice ensures that error messages shown to end users do not reveal sensitive system information?

Accepted Answer

Secure error handling

Answer

Input validation

Answer

Output encoding

Answer

Session management

Question 6

In secure coding, what does 'input validation' ensure?

Accepted Answer

That all data received from untrusted sources conforms to expected format, type, and range before processing

Answer

That output is formatted correctly for the user interface

Answer

That database queries use parameterized statements

Answer

That the application encrypts data before storing it