Information Security Session 7 Quiz

Welcome to your Information Security Session 7 Quiz

Name

Which component of the C.I.A. triad is primarily concerned with ensuring data is accurate and untampered?

a) Confidentiality

b) Integrity

c) Availability

d) Accountability

None

Which of the following is NOT considered a best practice in secure software development? phishing attack uses email as the primary method of deception?

a) Regularly performing code reviews

b) Hardcoding sensitive information in the source code

c) Implementing input validation

d) Keeping software components up to date

None

Scenario-based: You are designing a system that processes personal and financial information. Which practice is crucial to ensure data security?

a) Allowing unlimited file uploads

b) Implementing encryption for data at rest and in transit

c) Using default passwords for administrative accesss

d) Relying on client-side input validation only

None

What is Information Security?

a) Protecting computer systems from damage

b) Safeguarding personal information from unauthorized access

c) Ensuring the confidentiality, integrity, and availability of information

d) Preventing software bugs

None

Which industry framework is often used to guide secure software development practices?

a) ITIL

b) COBIT

c) ISO/IEC 27001

d) OWASP

None

During a code review, you discover that developers have not applied any input validation to form data. What should you recommend?

a) Increase server memory to handle more data

b) Apply client-side validation only

c) Implement both client-side and server-side input validation

d) Ignore input validation if no errors have been reported

None

In an organization, a security incident was reported involving unauthorized data access. What should be the first step according to industry frameworks?

a) Immediately shut down all systems

b) Report the incident to the relevant security team

c) Ignore the incident to avoid panic

d) Publicly disclose the incident details

None

Why is it important to secure file uploads in a web application?

a) To improve application performance

b) To prevent unauthorized access to server files

c) To ensure files are not too large

d) To enhance user experience

None

The Secure Development Lifecycle (SDL) involves steps taken only after software deployment.

a) True

b) False

None

10.

Input validation helps prevent security vulnerabilities such as SQL injection and Cross-Site Scripting (XSS).

a) True

b) False

None

11.

Threat modelling is a process that involves:

a) Identifying potential threats and vulnerabilities in the software

b) Developing software features

c) Ensuring the availability of the software

d) Managing user access and permissions

None

12.

What does the principle of Least Privilege entail?

a) Giving users the minimum levels of access required for their tasks

b) Granting all users admin-level access

c) Allowing users to access all system resources

d) Limiting software functionality to reduce features

None

13.

Which practice is essential to mitigate risks related to API security?

a) Allowing unrestricted API access

b) Implementing rate limiting and authentication

c) Disabling all API functionalities

d) Using HTTP instead of HTTPS for API communication

None

14.

Hardcoding sensitive information like passwords and keys in source code is a secure practice.

a) True

b) False

None

15.

Why is reporting security incidents crucial for an organization?

a) To allocate blame to specific individuals

b) To ensure compliance with legal and regulatory requirements

c) To increase system load

d) To delay operational processes

None

Thank you for the Quiz, Kindly check your email for the result.
Good Luck!

Information Security Session 7 Quiz

Information Security Session 7 Quiz

Cybrone Solutions