Skip to Content
Home Secure Development Practices Secure Development Practices

Secure Development Practices

0 %

Completed

Course content

Secure Development Practices

10 XP
Prev Next
Fullscreen Share
Rating
0 0

There are no comments for now.

Join this Course
to be the first to leave a comment.

1. Why should applications validate user input?
To improve interface responsiveness only To prevent attacks such as injection and malicious data processing To eliminate authentication requirements To reduce the need for logging and monitoring
2. A developer stores production API credentials directly inside a public repository “temporarily”. Why is this dangerous?
Temporary exposure does not create operational risk Public repositories cannot be accessed externally API keys are automatically encrypted in repositories Exposed credentials may allow unauthorised access to production systems
3. Which statement BEST describes least privilege in application development?
Applications should grant users maximum access for operational flexibility Access should be restricted to only what is required Administrative access should be enabled by default Authentication is unnecessary for internal applications
4. Which of the following is an example of poor secure development practice?
Using parameterised queries for database access Implementing server-side access validation Hardcoding administrator passwords into scripts Performing peer code reviews
5. Why are APIs considered high-risk attack surfaces?
APIs often expose business logic, data, and authentication flows APIs cannot use encryption or authentication controls APIs only operate internally APIs automatically prevent privilege escalation
6. What is the primary purpose of code reviews?
To improve application loading speed only To identify defects, security weaknesses, and unsafe practices To remove the need for testing activities To bypass development governance controls
7. Which of the following BEST supports secure session management?
Reusing session tokens indefinitely Storing session identifiers in unsecured logs Enforcing session timeouts and secure token handling Sharing administrative sessions between users
8. Why are third-party dependencies considered security risks?
Dependencies eliminate the need for testing Approved libraries never contain vulnerabilities Dependencies automatically bypass security controls Dependencies may contain vulnerabilities or malicious components
9. A developer disables authentication temporarily during testing and forgets to re-enable it before deployment. What type of issue is this?
Secure logging failure Configuration and access control weakness Input validation improvement Approved development optimisation
10. Which practice BEST protects application secrets?
Storing secrets in plaintext configuration files Sharing credentials between environments for simplicity Using approved secret management solutions Embedding API tokens directly into source code
11. Why should applications avoid verbose error messages in production?
Detailed errors may expose sensitive system information to attackers Verbose errors improve operational security automatically Production systems do not require error handling Error visibility removes the need for monitoring
12. Which of the following is an example of secure CI/CD practice?
Allowing direct production deployments without controls Disabling logging within deployment systems Using unrestricted shared administrator credentials in deployment pipelines Protecting secrets and restricting privileged pipeline access
13. Why is authentication security important in application development?
Weak authentication may allow unauthorised access to systems and data Authentication only applies to internet-facing applications Internal applications do not require identity controls MFA eliminates all application security risks automatically
14. Which statement about security testing is MOST accurate?
Penetration testing eliminates all future vulnerabilities permanently Security testing removes the need for secure coding practices Security testing should occur throughout the development lifecycle Security testing is only required after production deployment
15. What should developers do if they discover a vulnerability in production code?
Ignore the issue unless exploitation is confirmed publicly Report and remediate the issue through approved processes Disable logging to reduce operational visibility Delay escalation until scheduled audit reviews occur
16. Which of the following is a common secure development failure?
Using hardened configurations and secure defaults Protecting API endpoints with authentication controls Missing input validation and insecure access control Performing dependency vulnerability scanning
17. Why should developers avoid trusting client-side validation alone?
Client-side controls may be bypassed by attackers Client-side validation automatically secures databases Browser validation eliminates server-side security requirements Client-side validation prevents all malicious input automatically
18. Which behaviour BEST supports secure software development?
Allowing unrestricted administrator access to development tools Applying secure coding, testing, and review practices consistently Prioritising rapid deployment over security validation Reusing production credentials across environments
19. What may happen if secure development practices are ignored?
Applications may become vulnerable to compromise or data exposure Security risks decrease automatically after deployment Monitoring and logging become unnecessary Vulnerability management is no longer required
20. What is the BEST overall approach to secure development?
Treat security as a final-stage testing activity only Integrate security throughout design, development, testing, and deployment Prioritise operational convenience over secure coding standards Depend entirely on infrastructure security controls to protect applications