1. . Software Security Engineering is:
(A) Only coding
(B) The process of designing, implementing, and testing software to ensure it is secure from threats
(C) Memory allocation
(D) CPU scheduling
2. . The main goal of software security engineering is:
(A) CPU optimization
(B) Only allocate memory
(C) Protect software and data from unauthorized access, modification, or destruction
(D) File deletion
3. . Common security objectives include:
(A) Only coding efficiency
(B) CPU speed, memory allocation, and file size
(C) Confidentiality, integrity, and availability (CIA)
(D) File deletion only
4. . Confidentiality ensures:
(A) Memory allocation only
(B) CPU speed optimization
(C) Sensitive information is accessed only by authorized users
(D) File deletion
5. . Integrity ensures:
(A) CPU scheduling
(B) Data and software remain accurate and unaltered except by authorized actions
(C) Memory allocation
(D) File deletion
6. . Availability ensures:
(A) Authorized users can access software and data when needed
(B) CPU optimization
(C) Memory allocation
(D) File deletion
7. . Threat modeling in security engineering involves:
(A) File deletion only
(B) Allocating memory only
(C) CPU scheduling only
(D) Identifying potential security threats and vulnerabilities
8. . Authentication is:
(A) Memory allocation
(B) Verifying the identity of a user or system
(C) CPU scheduling
(D) File deletion
9. . Authorization is:
(A) CPU optimization
(B) Granting access rights to resources based on user privileges
(C) Memory allocation
(D) File deletion
10. . Encryption is used to:
(A) File deletion
(B) CPU scheduling
(C) Memory allocation
(D) Protect data confidentiality by converting it into unreadable form
11. . Secure coding practices help:
(A) CPU optimization only
(B) Prevent vulnerabilities like SQL injection, buffer overflow, and cross-site scripting
(C) Memory allocation only
(D) File deletion only
12. . Security testing involves:
(A) File management
(B) Memory allocation
(C) CPU scheduling
(D) Evaluating software for vulnerabilities and potential attacks
13. . Penetration testing is:
(A) File deletion only
(B) CPU optimization only
(C) Memory allocation only
(D) Simulated attacks on software to identify security weaknesses
14. . Threats can include:
(A) Memory only
(B) CPU only
(C) Malware, hackers, insider threats, and social engineering attacks
(D) File deletion only
15. . Vulnerability assessment is:
(A) CPU scheduling
(B) Identifying and quantifying security weaknesses in software
(C) Memory allocation
(D) File deletion
16. . Security policies define:
(A) CPU scheduling only
(B) Rules and procedures for secure use and development of software
(C) Memory allocation only
(D) File deletion only
17. . Access control mechanisms include:
(A) Memory allocation only
(B) Role-based, discretionary, and mandatory access controls
(C) CPU scheduling only
(D) File deletion only
18. . Logging and auditing in security engineering help to:
(A) Memory allocation only
(B) CPU optimization only
(C) Track user actions and detect unauthorized activities
(D) File deletion only
19. . Secure software development lifecycle (SSDLC) integrates:
(A) Memory allocation only
(B) CPU scheduling only
(C) Security practices throughout design, coding, testing, and maintenance
(D) File deletion only
20. . The ultimate goal of software security engineering is:
(A) Optimize CPU only
(B) Only allocate memory
(C) Deliver software that is reliable, safe, and resistant to attacks
(D) Delete files automatically