Information Security Session 7 Quiz

Welcome to your Information Security Session 7 Quiz

Name

Which industry framework is often used to guide secure software development practices?

a) ITIL

b) COBIT

c) ISO/IEC 27001

d) OWASP

None

What action should be taken if a buffer overflow vulnerability is identified in the software?

a) Ignore it if no crashes have been reported

b) Immediately patch and update the software

c) Increase the buffer size without fixing the code

d) Inform users to avoid using the affected feature

None

During a code review, you discover that developers have not applied any input validation to form data. What should you recommend?

a) Increase server memory to handle more data

b) Apply client-side validation only

c) Implement both client-side and server-side input validation

d) Ignore input validation if no errors have been reported

None

Input validation helps prevent security vulnerabilities such as SQL injection and Cross-Site Scripting (XSS).

a) True

b) False

None

Why is reporting security incidents crucial for an organization?

a) To allocate blame to specific individuals

b) To ensure compliance with legal and regulatory requirements

c) To increase system load

d) To delay operational processes

None

Scenario-based: You are designing a system that processes personal and financial information. Which practice is crucial to ensure data security?

a) Allowing unlimited file uploads

b) Implementing encryption for data at rest and in transit

c) Using default passwords for administrative accesss

d) Relying on client-side input validation only

None

What does the principle of Least Privilege entail?

a) Giving users the minimum levels of access required for their tasks

b) Granting all users admin-level access

c) Allowing users to access all system resources

d) Limiting software functionality to reduce features

None

Which of the following is NOT considered a best practice in secure software development? phishing attack uses email as the primary method of deception?

a) Regularly performing code reviews

b) Hardcoding sensitive information in the source code

c) Implementing input validation

d) Keeping software components up to date

None

Threat modelling is a process that involves:

a) Identifying potential threats and vulnerabilities in the software

b) Developing software features

c) Ensuring the availability of the software

d) Managing user access and permissions

None

10.

Which component of the C.I.A. triad is primarily concerned with ensuring data is accurate and untampered?

a) Confidentiality

b) Integrity

c) Availability

d) Accountability

None

11.

Hardcoding sensitive information like passwords and keys in source code is a secure practice.

a) True

b) False

None

12.

The Secure Development Lifecycle (SDL) involves steps taken only after software deployment.

a) True

b) False

None

13.

In an organization, a security incident was reported involving unauthorized data access. What should be the first step according to industry frameworks?

a) Immediately shut down all systems

b) Report the incident to the relevant security team

c) Ignore the incident to avoid panic

d) Publicly disclose the incident details

None

14.

How often should regular patching and updates be performed to maintain security?

a) Annually

b) Biannually

c) Monthly or as soon as updates are available

d) Only when new features are needed

None

15.

What is Information Security?

a) Protecting computer systems from damage

b) Safeguarding personal information from unauthorized access

c) Ensuring the confidentiality, integrity, and availability of information

d) Preventing software bugs

None

Thank you for the Quiz, Kindly check your email for the result.
Good Luck!

Information Security Session 7 Quiz

Information Security Session 7 Quiz

Cybrone Solutions