Module: Application Security Engineer Responsibilities - Trailhead Answers

In this tutorial, we solve the quiz questions of the module called Application Security Engineer Responsibilities, which explains how an application security engineer protects applications.

1. Use a Secure Development Lifecycle

Solve the quiz and get +100 points

Q1) Which of the following is a risk associated with an insecure SDLC?

I) Lack of sanitization and insecure code

II) Confidentiality, integrity, and availability of data is protected

III) Using components that have no known vulnerabilities

IV) Secure change control during application development

Answer: I) Lack of sanitization and insecure code

Q2) Which of the following describes how application security engineers can best protect against injection?

I) Use static and dynamic testing only at the end of the development lifecycle.

II) Perform source code review.

III) Blocklist special characters.

IV) Store unsanitized user input that is viewable by other users.

Answer: II) Perform source code review.

Check the quiz to earn 100 points.

The second attempt earns 50 points; three or more attempts earn 25 points.

2. Properly Configure Components

Solve the quiz and get +100 points

Q1) Which of the following best describes security misconfiguration?

I) Changing default configurations

II) Protecting cloud storage buckets with strong authentication

III) Limiting the information provided to the user in error messages

IV) Failure to securely configure, patch, and upgrade operating systems, frameworks, libraries, and applications

Answer: IV) Failure to securely configure, patch, and upgrade operating systems, frameworks, libraries, and applications

Q2) Which of the following best describes a step an application security engineer should take in hardening the application stack?

I) Properly configure cloud services to limit public access to storage buckets.

II) Enable all features such as ports, services, and pages just in case an application may need them.

III) Implement error messages that include server-side information to make it easier for developers to troubleshoot issues.

IV) Hold off updating software until it’s most convenient for the business to do so.

Answer: I) Properly configure cloud services to limit public access to storage buckets.

Check the quiz to earn 100 points.

The second attempt earns 50 points; three or more attempts earn 25 points.

3. Secure Applications with Authentication and Access Control

Solve the quiz and get +100 points

Q1) Which of the following best defines application authentication?

I) Grants and restricts access to resources

II) The process of identifying, authenticating, and authorizing hackers

III) Verifies someone’s identity by using credentials to log in to an application

IV) Allows the user to view or edit someone else’s account

Answer: III) Verifies someone’s identity by using credentials to log in to an application

Q2) Which of the following is a protection against broken authentication?

I) Implementing multi-factor authentication (MFA)

II) Credential stuffing

III) Brute force

IV) Permitting default passwords

Answer: I) Implementing multi-factor authentication (MFA)

Check the quiz to earn 100 points.

The second attempt earns 50 points; three or more attempts earn 25 points.

4. Protect Sensitive Application Data from Exposure

Solve the quiz and get +100 points

Q1) Which of the following best defines how encryption can be used to protect sensitive data from exposure?

I) It’s used only to protect sensitive data in transit.

II) It’s used only to protect sensitive data at rest.

III) It stores data in clear text using strong cryptographic algorithms and proper key management.

IV) It protects data at rest and in transit from theft or modification, especially when being exchanged with the browser.

Answer: IV) It protects data at rest and in transit from theft or modification, especially when being exchanged with the browser.

Q2) Which of the following steps could an application security engineer take to protect against sensitive data exposure?

I) Store sensitive data indefinitely in case anyone ever needs to access it.

II) Classify data according to sensitivity, and encrypt sensitive data at rest and in transit.

III) Ensure browsers use HTTP when transporting data.

IV) Cache responses that contain sensitive data.

Answer: II) Classify data according to sensitivity, and encrypt sensitive data at rest and in transit.

Check the quiz to earn 100 points.

The second attempt earns 50 points; three or more attempts earn 25 points.

5. Detect Application Intrusions

Solve the quiz and get +100 points

Q1) Which of the following best describes how application security engineers use logs to monitor applications?

I) Only failed logins are logged since logging all logins would create too much noise.

II) Appropriate alerting thresholds and response escalation processes are in place to help analysts quickly identify and respond to threats.

III) Logs are monitored once a month to identify and fix vulnerabilities.

IV) Logs are kept separate from incident response functions to ensure separation of duties.

Answer: II) Appropriate alerting thresholds and response escalation processes are in place to help analysts quickly identify and respond to threats.

Q2) Which of the following is a benefit of using adversarial testing?

I) It helps identify and mitigate potential risks before they are exploited with malicious intent.

II) It helps classify data according to sensitivity.

III) It can replace an organization’s vulnerability scanning program.

IV) It allows attackers to access sensitive data that is unencrypted.

Answer: I) It helps identify and mitigate potential risks before they are exploited with malicious intent.

Check the quiz to earn 100 points.

The second attempt earns 50 points; three or more attempts earn 25 points.

Pramod Kumar Yadav is from Janakpur Dham, Nepal. He was born on December 23, 1994, and has one elder brother and two elder sisters. He completed his education at various schools and colleges in Nepal and completed a degree in Computer Science Engineering from MITS in Andhra Pradesh, India. Pramod has worked as the owner of RC Educational Foundation Pvt Ltd, a teacher, and an Educational Consultant, and is currently working as an Engineer and Digital Marketer.