This tutorial works through the quiz questions for the module Application Security Engineer Responsibilities. Learn how an application security engineer protects applications.
#1. Use a Secure Development Lifecycle
Solve Quiz & get +100 points
Q1) Which of the following is a risk associated with an insecure SDLC?
#I) Lack of sanitization and insecure code
#II) Confidentiality, integrity, and availability of data is protected
#III) Using components that have no known vulnerabilities
#IV) Secure change control during application development
Answer: I) Lack of sanitization and insecure code
Q2) Which of the following describes how application security engineers can best protect against injection?
#I) Use static and dynamic testing only at the end of the development lifecycle.
#II) Perform source code review.
#III) Blocklist special characters.
#IV) Store unsanitized user input that is viewable by other users.
Answer: II) Perform source code review.
Check the Quiz to Earn 100 Points
The second attempt earns 50 points. Three or more earn 25 points.
#2. Properly Configure Components
Q1) Which of the following best describes security misconfiguration?
#I) Changing default configurations
#II) Protecting cloud storage buckets with strong authentication
#III) Limiting the information provided to the user in error messages
#IV) Failure to securely configure, patch, and upgrade operating systems, frameworks, libraries, and applications
Answer: IV) Failure to securely configure, patch, and upgrade operating systems, frameworks, libraries, and applications
Q2) Which of the following best describes a step an application security engineer should take in hardening the application stack?
#I) Properly configure cloud services to limit public access to storage buckets.
#II) Enable all features such as ports, services, and pages just in case an application may need them.
#III) Implement error messages that include server-side information to make it easier for developers to troubleshoot issues.
#IV) Hold off updating software until it’s most convenient for the business to do so.
Answer: I) Properly configure cloud services to limit public access to storage buckets.
#3. Secure Applications with Authentication and Access Control
Q1) Which of the following best defines application authentication?
#I) Grants and restricts access to resources
#II) The process of identifying, authenticating, and authorizing hackers
#III) Verifies someone’s identity by using credentials to log in to an application
#IV) Allows the user to view or edit someone else’s account
Answer: III) Verifies someone’s identity by using credentials to log in to an application
Q2) Which of the following is a protection against broken authentication?
#I) Implementing multi-factor authentication (MFA)
#II) Credential stuffing
#III) Brute force
#IV) Permitting default passwords
Answer: I) Implementing multi-factor authentication (MFA)
#4. Protect Sensitive Application Data from Exposure
Q1) Which of the following best defines how encryption can be used to protect sensitive data from exposure?
#I) It’s used only to protect sensitive data in transit.
#II) It’s used only to protect sensitive data at rest.
#III) It stores data in clear text using strong cryptographic algorithms and proper key management.
#IV) It protects data at rest and in transit from theft or modification, especially when being exchanged with the browser.
Answer: IV) It protects data at rest and in transit from theft or modification, especially when being exchanged with the browser.
Q2) Which of the following steps could an application security engineer take to protect against sensitive data exposure?
#I) Store sensitive data indefinitely in case anyone ever needs to access it.
#II) Classify data according to sensitivity, and encrypt sensitive data at rest and in transit.
#III) Ensure browsers use HTTP when transporting data.
#IV) Cache responses that contain sensitive data.
Answer: II) Classify data according to sensitivity, and encrypt sensitive data at rest and in transit.
#5. Detect Application Intrusions
Q1) Which of the following best describes how application security engineers use logs to monitor applications?
#I) Only failed logins are logged since logging all logins would create too much noise.
#II) Appropriate alerting thresholds and response escalation processes are in place to help analysts quickly identify and respond to threats.
#III) Logs are monitored once a month to identify and fix vulnerabilities.
#IV) Logs are kept separate from incident response functions to ensure separation of duties.
Answer: II) Appropriate alerting thresholds and response escalation processes are in place to help analysts quickly identify and respond to threats.
Q2) Which of the following is a benefit of using adversarial testing?
#I) It helps identify and mitigate potential risks before they are exploited with malicious intent.
#II) It helps classify data according to sensitivity.
#III) It can replace an organization’s vulnerability scanning program.
#IV) It allows attackers to access sensitive data that is unencrypted.
Answer: I) It helps identify and mitigate potential risks before they are exploited with malicious intent.