Q1. Software security focuses on:
(A) Protecting software from threats, vulnerabilities, and attacks
(B) Only coding
(C) UI design
(D) Hardware only
Answer: (A) Protecting software from threats, vulnerabilities, and attacks
Q2. Vulnerability in software is:
(A) Weakness that can be exploited by a threat
(B) Coding error only
(C) UI flaw
(D) Hardware issue
Answer: (A) Weakness that can be exploited by a threat
Q3. Threat in software security is:
(A) Potential cause of harm or unauthorized access
(B) Coding error only
(C) UI issue
(D) Hardware issue
Answer: (A) Potential cause of harm or unauthorized access
Q4. Exploit refers to:
(A) Technique or code used to take advantage of a vulnerability
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Technique or code used to take advantage of a vulnerability
Q5. Confidentiality ensures:
(A) Information is accessible only to authorized users
(B) Software works faster
(C) UI is secure
(D) Hardware reliability
Answer: (A) Information is accessible only to authorized users
Q6. Integrity ensures:
(A) Data is accurate and has not been tampered with
(B) Software runs faster
(C) UI looks correct
(D) Hardware works properly
Answer: (A) Data is accurate and has not been tampered with
Q7. Availability ensures:
(A) Authorized users can access data and services when needed
(B) Software is free of bugs
(C) UI is responsive
(D) Hardware uptime
Answer: (A) Authorized users can access data and services when needed
Q8. Authentication in software security is:
(A) Verifying the identity of a user or system
(B) Encrypting data
(C) Coding only
(D) UI only
Answer: (A) Verifying the identity of a user or system
Q9. Authorization in software security is:
(A) Granting access rights to authenticated users
(B) Encrypting data
(C) Coding only
(D) UI only
Answer: (A) Granting access rights to authenticated users
Q10. Non-repudiation ensures:
(A) Parties cannot deny their actions in software transactions
(B) Software runs without errors
(C) UI cannot be changed
(D) Hardware security
Answer: (A) Parties cannot deny their actions in software transactions
Q11. Encryption in software security:
(A) Converts data into unreadable form for unauthorized users
(B) Fixes bugs
(C) Improves UI
(D) Hardware only
Answer: (A) Converts data into unreadable form for unauthorized users
Q12. Symmetric encryption uses:
(A) Same key for encryption and decryption
(B) Different keys
(C) Only coding
(D) UI only
Answer: (A) Same key for encryption and decryption
Q13. Asymmetric encryption uses:
(A) Public key for encryption, private key for decryption
(B) Same key
(C) Coding only
(D) UI only
Answer: (A) Public key for encryption, private key for decryption
Q14. Digital signature ensures:
(A) Authenticity and integrity of digital messages
(B) Faster software
(C) UI improvement
(D) Hardware validation
Answer: (A) Authenticity and integrity of digital messages
Q15. Hash function in security is used for:
(A) Creating unique fixed-length representation of data
(B) Encrypting data
(C) Coding only
(D) UI only
Answer: (A) Creating unique fixed-length representation of data
Q16. Common software attacks include:
(A) SQL injection, cross-site scripting, buffer overflow
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) SQL injection, cross-site scripting, buffer overflow
Q17. SQL injection attacks:
(A) Insert malicious SQL commands into database queries
(B) Break UI
(C) Hardware attack
(D) Password only
Answer: (A) Insert malicious SQL commands into database queries
Q18. Cross-site scripting (XSS) attacks:
(A) Inject malicious scripts into web pages viewed by users
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Inject malicious scripts into web pages viewed by users
Q19. Buffer overflow attack occurs when:
(A) More data is written to buffer than it can hold
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) More data is written to buffer than it can hold
Q20. Man-in-the-middle (MITM) attack:
(A) Attacker intercepts and alters communication between two parties
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Attacker intercepts and alters communication between two parties
Q21. Denial-of-service (DoS) attack:
(A) Overloads system to make it unavailable
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Overloads system to make it unavailable
Q22. Software patching helps in:
(A) Fixing security vulnerabilities
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Fixing security vulnerabilities
Q23. Firewall in software security:
(A) Controls network traffic based on security rules
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Controls network traffic based on security rules
Q24. Intrusion detection system (IDS) detects:
(A) Unauthorized or malicious activity in software or network
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Unauthorized or malicious activity in software or network
Q25. Authentication factors include:
(A) Something you know, have, or are
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Something you know, have, or are
Q26. Multi-factor authentication (MFA) uses:
(A) Two or more authentication factors
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Two or more authentication factors
Q27. Access control types include:
(A) Discretionary, mandatory, and role-based access control
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Discretionary, mandatory, and role-based access control
Q28. Role-based access control (RBAC) assigns:
(A) Permissions based on user roles
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Permissions based on user roles
Q29. Security policy defines:
(A) Rules and practices to protect software assets
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Rules and practices to protect software assets
Q30. Threat modeling helps in:
(A) Identifying, analyzing, and mitigating potential security threats
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Identifying, analyzing, and mitigating potential security threats
Q31. Security testing includes:
(A) Penetration testing, vulnerability scanning, and code review
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Penetration testing, vulnerability scanning, and code review
Q32. Penetration testing simulates:
(A) Real attacks to identify vulnerabilities
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Real attacks to identify vulnerabilities
Q33. Security audit assesses:
(A) Compliance with security policies and effectiveness of controls
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Compliance with security policies and effectiveness of controls
Q34. Threat vectors are:
(A) Paths or methods used to exploit vulnerabilities
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Paths or methods used to exploit vulnerabilities
Q35. Common software vulnerabilities include:
(A) Injection, broken authentication, sensitive data exposure
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Injection, broken authentication, sensitive data exposure
Q36. Principle of least privilege means:
(A) Users are given minimum access necessary for tasks
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Users are given minimum access necessary for tasks
Q37. Secure coding practices include:
(A) Input validation, output encoding, error handling, and encryption
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Input validation, output encoding, error handling, and encryption
Q38. Input validation prevents:
(A) Injection attacks and buffer overflows
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Injection attacks and buffer overflows
Q39. Output encoding prevents:
(A) Cross-site scripting (XSS) attacks
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Cross-site scripting (XSS) attacks
Q40. Secure session management includes:
(A) Using secure cookies, timeout, and token validation
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Using secure cookies, timeout, and token validation
Q41. Security logging and monitoring helps in:
(A) Detecting attacks and auditing software usage
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Detecting attacks and auditing software usage
Q42. Software patch management ensures:
(A) Timely updates to fix vulnerabilities
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Timely updates to fix vulnerabilities
Q43. SQL injection attacks can be prevented by:
(A) Parameterized queries and input validation
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Parameterized queries and input validation
Q44. Buffer overflow attacks can be prevented by:
(A) Bounds checking and safe memory management
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Bounds checking and safe memory management
Q45. Cross-site request forgery (CSRF) attacks are prevented by:
(A) Anti-CSRF tokens and same-site cookies
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Anti-CSRF tokens and same-site cookies
Q46. Security awareness training helps:
(A) Educate users about threats and safe practices
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Educate users about threats and safe practices
Q47. SSL/TLS ensures:
(A) Secure communication over network with encryption
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Secure communication over network with encryption
Q48. Password policies enforce:
(A) Minimum length, complexity, and expiration
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Minimum length, complexity, and expiration
Q49. Two-factor authentication (2FA) improves security by:
(A) Requiring two forms of identity verification
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Requiring two forms of identity verification
Q50. Principle of defense in depth means:
(A) Multiple layers of security controls are implemented
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Multiple layers of security controls are implementedQ51. Software security testing includes:
(A) Static code analysis, dynamic analysis, and penetration testing
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Static code analysis, dynamic analysis, and penetration testing
Q52. Static code analysis helps in:
(A) Detecting vulnerabilities without executing code
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Detecting vulnerabilities without executing code
Q53. Dynamic analysis helps in:
(A) Detecting vulnerabilities during program execution
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Detecting vulnerabilities during program execution
Q54. Security requirements should be:
(A) Defined early in the software development lifecycle
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Defined early in the software development lifecycle
Q55. Threat modeling includes:
(A) Identifying assets, threats, vulnerabilities, and mitigation strategies
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Identifying assets, threats, vulnerabilities, and mitigation strategies
Q56. Principle of least privilege reduces risk by:
(A) Limiting user access to only necessary resources
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Limiting user access to only necessary resources
Q57. Secure software development lifecycle (SSDLC) integrates:
(A) Security practices into each phase of development
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Security practices into each phase of development
Q58. Common security vulnerabilities are listed in:
(A) OWASP Top 10
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) OWASP Top 10
Q59. OWASP stands for:
(A) Open Web Application Security Project
(B) Online Web Application Security Protocol
(C) Official Web Application Security Project
(D) Open Wide Application Security Program
Answer: (A) Open Web Application Security Project
Q60. Injection attacks target:
(A) Databases and interpreters by sending malicious input
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Databases and interpreters by sending malicious input
Q61. Broken authentication vulnerability allows:
(A) Attackers to impersonate other users
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Attackers to impersonate other users
Q62. Sensitive data exposure can be prevented by:
(A) Encryption, masking, and secure storage
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Encryption, masking, and secure storage
Q63. XML external entity (XXE) attacks target:
(A) Vulnerable XML parsers
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Vulnerable XML parsers
Q64. Security misconfiguration occurs due to:
(A) Default settings, unnecessary features, or improper permissions
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Default settings, unnecessary features, or improper permissions
Q65. Cross-site scripting (XSS) can be prevented by:
(A) Output encoding and input validation
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Output encoding and input validation
Q66. Insecure deserialization allows:
(A) Remote code execution or attacks through untrusted data
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Remote code execution or attacks through untrusted data
Q67. Using components with known vulnerabilities should be:
(A) Avoided or updated regularly
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Avoided or updated regularly
Q68. Insufficient logging and monitoring may result in:
(A) Delayed detection of attacks and breaches
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Delayed detection of attacks and breaches
Q69. Security governance ensures:
(A) Policies, procedures, and accountability for protecting software
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Policies, procedures, and accountability for protecting software
Q70. Risk assessment in software security involves:
(A) Identifying, analyzing, and prioritizing potential threats
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Identifying, analyzing, and prioritizing potential threats
Q71. Security patch management helps:
(A) Close vulnerabilities before they are exploited
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Close vulnerabilities before they are exploited
Q72. Security logging should include:
(A) Authentication attempts, access violations, and system errors
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Authentication attempts, access violations, and system errors
Q73. Access control in software security prevents:
(A) Unauthorized access to data and functions
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Unauthorized access to data and functions
Q74. Principle of secure by design means:
(A) Security is integrated into software from the beginning
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Security is integrated into software from the beginning
Q75. Security testing types include:
(A) Penetration testing, vulnerability scanning, and security code review
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Penetration testing, vulnerability scanning, and security code review
Q76. Security misconfiguration can be mitigated by:
(A) Regular audits and disabling unnecessary features
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Regular audits and disabling unnecessary features
Q77. Least privilege principle applies to:
(A) Users, processes, and services
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Users, processes, and services
Q78. Security monitoring tools include:
(A) IDS, IPS, and SIEM
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) IDS, IPS, and SIEM
Q79. SIEM stands for:
(A) Security Information and Event Management
(B) Software Integration and Event Monitoring
(C) Security Internet Event Management
(D) Software Information and Encryption Module
Answer: (A) Security Information and Event Management
Q80. Threat modeling helps in:
(A) Identifying potential attack paths and mitigations
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Identifying potential attack paths and mitigations
Q81. Common security controls include:
(A) Firewalls, encryption, access control, and monitoring
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Firewalls, encryption, access control, and monitoring
Q82. Secure session management includes:
(A) Expiring sessions, secure cookies, and token validation
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Expiring sessions, secure cookies, and token validation
Q83. Anti-CSRF tokens protect against:
(A) Cross-site request forgery attacks
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Cross-site request forgery attacks
Q84. Secure software updates ensure:
(A) Software integrity and authenticity
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Software integrity and authenticity
Q85. Software integrity can be verified using:
(A) Digital signatures and checksums
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Digital signatures and checksums
Q86. Principle of defense in depth means:
(A) Multiple layers of security are implemented to protect software
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Multiple layers of security are implemented to protect software
Q87. Security audit frequency depends on:
(A) Risk, regulatory requirements, and criticality
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Risk, regulatory requirements, and criticality
Q88. Security awareness training reduces:
(A) Human errors leading to vulnerabilities
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Human errors leading to vulnerabilities
Q89. Secure coding standards include:
(A) OWASP secure coding guidelines and CERT coding standards
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) OWASP secure coding guidelines and CERT coding standards
Q90. Software vulnerability scanning detects:
(A) Known security weaknesses in applications
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Known security weaknesses in applications
Q91. Multi-factor authentication (MFA) improves:
(A) Access security by requiring multiple forms of verification
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Access security by requiring multiple forms of verification
Q92. Logging and monitoring help in:
(A) Incident detection and forensic analysis
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Incident detection and forensic analysis
Q93. Security configuration management ensures:
(A) Proper settings and patch levels across systems
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Proper settings and patch levels across systems
Q94. Digital certificate ensures:
(A) Authentication and secure communication
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Authentication and secure communication
Q95. Hashing passwords securely prevents:
(A) Password theft in case of database compromise
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Password theft in case of database compromise
Q96. Software security metrics include:
(A) Number of vulnerabilities, patching time, and incident response time
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Number of vulnerabilities, patching time, and incident response time
Q97. Patch management policy defines:
(A) How and when updates are applied to software
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) How and when updates are applied to software
Q98. Secure software architecture minimizes:
(A) Attack surface and potential vulnerabilities
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Attack surface and potential vulnerabilities
Q99. Software threat intelligence provides:
(A) Information about current threats and attack patterns
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Information about current threats and attack patterns
Q100. Ultimate goal of software security is:
(A) Protect software assets, ensure confidentiality, integrity, and availability
(B) Coding only
(C) UI only
(D) Hardware only
Answer: (A) Protect software assets, ensure confidentiality, integrity, and availability