Legacy Applications Security Practices Quiz

Questions and Answers

What is a common problem with applications mentioned in the text?

• Verbose error messages (correct)
• Lack of network isolation
• Insecure communication channels
• Insufficient user authentication

Why is two-factor authentication usually desirable for critical systems?

• It provides a backup if one factor is compromised (correct)
• It simplifies the login process
• It allows unlimited invalid login attempts
• It speeds up the user login experience

What is a potential consequence of not implementing a secure development life cycle for mobile and web applications?

• Unexpected vulnerability to privacy (correct)
• Decreased vulnerability to attacks
• Reduced risk of privacy violations
• Improved data encryption

Why should legacy applications be protected through the use of middleware?

To isolate direct access and manage data input/output (A)

What is a recommended practice for improving application security?

Addressing security issues in all phases of the SDLC (D)

How can developers benefit economically and efficiently in terms of application security?

By incorporating security in all SDLC phases (D)

What should an IT auditor do when auditing web applications?

Use a risk-based approach to assess vulnerabilities (B)

How can risk related to inadequate specifications be identified?

Based on previous experience and best practices (A)

When assessing risk in web application development, what should be the primary focus?

Application development risk, business risk, and technical vulnerabilities (A)

Why is it important for controls to reflect the specific development activity being reviewed?

To align controls with the way development is carried out in that area (D)

Flashcards are hidden until you start studying