TENRSE1PRFIC3011

Infosys Certified Secure Software Implementer

Practice with real exam-pattern questions for Infosys Certified Secure Software Implementer. Each question includes a detailed explanation to help you understand the concept, not just memorise the answer. Try 10 questions free — no login required.

Advanced · Security · 30 min
Free questions

10 Infosys Certified Secure Software Implementer practice questions with answers

Real Lex exam-pattern multiple-choice questions for the Infosys Certified Secure Software Implementer certification. Each question includes the correct answer. The full question bank is available to Premium members.

  1. Question 1

    WeEx is one of the reputed banks. They have a web application, WeExLive, that helps its account holders do transactions online round the clock. WeExLive, having implemented various functionalities to ease the job of customers, is now thinking about providing a 'Password recovery' feature. Which among the following need to be taken into consideration with respect to the implementation of this feature? (Choose exactly 2 options)

    • The question being asked to recover the password should be complex Correct
    • B The password after recovery should be sent to the email registered by the customers for security purposes
    • C The password after recovery needs to be displayed on the web page of the application which is more secure
    • D The question asked should be simple enough to support the customer in recovering the password easily
  2. Question 2

    Swetha is a Technical Architect for a Human Resource Management (HRM) application. As a best practice, Swetha generates a threat modeling report using a threat modeling tool available in the market. From the report findings, she came up with recommendations to tackle the security defects in the HRM application. Identify from the options below which tool Swetha would have used to generate the threat modeling report.

    • Microsoft Security Development Life Cycle (MS SDL) Correct
    • B Load Runner
    • C CodeSecure
    • D Win Runner
  3. Question 3

    Arun books his ticket online through the travel website successfully. One of his friends, Ram, also wants to book his tickets online and asks Arun for the website URL. Arun shares the URL of the web page where he provided the required inputs and the transaction was successful. Ram is successful in booking the ticket; however, the amount has been debited from Arun's account. Identify the flaw in the application which has resulted in debiting the amount from Arun's account instead of Ram's.

    • Missing authentication on every web page in the application Correct
    • B Poor Session Management
    • C Ram has been able to book his tickets successfully and hence no flaw
    • D Input data validation not done
  4. Question 4

    Mitigating the risks involved in any web application refers to ______

    • Attack Correct
    • B Vulnerability
    • C Threat
    • D Countermeasures
  5. Question 5

    In spite of all precautionary measures, the security in an application always remains a challenge. Why so? (Choose exactly 2 options)

    • Even a single loophole in the application can provide an entry point to the attacker Correct
    • B Security can never be a challenge in an application that takes care of the top 10 vulnerabilities stated by OWASP
    • C Development team has to know about the various threats that could impact their application and appropriately have relevant countermeasures in making the application foolproof on security aspects
    • D Security is never a challenge if the development team addresses the application security completely
  6. Question 6

    John, a team leader at a leading software organization, has been assigned the responsibility of ensuring application security in one of the critical projects. While discussing securing passwords with the team, John puts forth the options below as suggestions. Identify the suggestion that has to be implemented by the team.

    • Passwords need to be strong enough Correct
    • B Passwords need to be changed periodically
    • C Password lock after an appropriate number of trials should be supported
    • D All of the above options
  7. Question 7

    A library management system, LMS, is being used by a college to manage the book transactions of students and faculty with the library. The functionalities of the application have been grouped and access permissions have been given based on the role played by the user. However, one of the modules that was recently added for the role 'admin' did not include the routine to check the access privilege before rendering the web page. One of the students, Jack, with the idea of exploring the features of the application, tried manipulating the URLs. In this process, Jack, not having admin privileges, was able to view the web page. Identify the vulnerability in the application which has made Jack's attempt successful.

    • Cross Site Scripting Correct
    • B Session management
    • C CSRF
    • D Failure to restrict URL access
  8. Question 8

    In ensuring application security, one of the important areas that needs to be focused on is session management. In which of the following cases, as a part of session management, should session tokens be regenerated?

    • After certain number of requests Correct
    • B At regular intervals
    • C After change in user privilege
    • D After logout
  9. Question 9

    Codewell Limited is developing a web application, eSale, for FirmNFine Private Limited, which is one of the big names in the automobile industry. The web application is intended to promote the sales of their wide range of automobiles in the global market. With security being the prime concern to be addressed in eSale, different measures are taken by the security experts to safeguard the application against any potential attack. Which of the following strategies need NOT be focused on in eSale to prevent a Cross Site Scripting attack?

    • Send user supplied data through a secure channel like SSL Correct
    • B Enforce response length
    • C Do not echo user input without proper sanitation
    • D Disable scripting in the web browser and from e-mail clients
  10. Question 10

    Which one of the following options will NOT result in Security Misconfiguration?

    • Patch not updated properly Correct
    • B Encrypting sensitive data using simple algorithms
    • C Relying on default installation settings
    • D Not disabling unused services
This platform is an independent educational resource and is not affiliated with or endorsed by Infosys Ltd. All certification names referenced are property of their respective owners.
© 2026 InfyLexDumps