Infosys Certified Application Security Specialist
10 Infosys Certified Application Security Specialist practice questions with answers
Real Lex exam-pattern multiple-choice questions for the Infosys Certified Application Security Specialist certification. Each question includes the correct answer. The full question bank is available to Premium members.
- Question 1
It is possible for one customer to view another customer's data by changing the URL argument. What vulnerability is this?
- ✓
HTTP Header Manipulation
Correct - B
Parameter Manipulation
- C
Forced Browsing
- D
Form Manipulation
- ✓
- Question 2
A set of technologies that analyze source code and binaries for coding that is indicative of security vulnerabilities
- ✓
GCC
Correct - B
VAPT
- C
SAST
- D
Compiler
- ✓
- Question 3
Which of the following statements are TRUE? (Choose two options)
- ✓
DAST tools require a running application to find the vulnerabilities.
Correct - B
DAST can be very effective during the "Code Development" phase of the SDLC
- C
Threat modelling involves reviewing the source code to identify potential security issues.
- D
Threat modelling involves reviewing the design diagrams (such as Data Flow Diagrams) to identify potential security issues.
- ✓
- Question 4
A healthcare organization is operating only in Europe. This organization collects and processes healthcare information and payment card information of its customers. Which of the following standards/regulations may be applicable to this organization? (Choose two)
- ✓
GDPR
Correct - B
HIPAA
- C
SOX
- D
PCIDSS
- ✓
- Question 5
Identify the statements applicable to the traceroute utility:
1. Displays possible routes or paths
2. Shows latency between systems
3. Verifies connectivity between devices
- ✓
Only 1
Correct - B
Only 3
- C
Both 1 & 2
- D
Both 2 & 3
- ✓
- Question 6
During which phase of SDLC should Security and access controls be incorporated?
- ✓
Coding
Correct - B
Product design
- C
Software plans and requirements
- D
Detailed design
- ✓
- Question 7
Which of the following causes Injection attacks?
- ✓
Abort
Correct - B
Arbitrary code execution
- C
Elevation of privileges
- D
Incorrect filtering of user input
- ✓
- Question 8
As a web application user, what puts you at most risk of falling victim to a cross-site request forgery (CSRF) attack?
- ✓
Using an old browser
Correct - B
Using a web app that is not fully protected by SSL/TLS
- C
Using the "keep me logged in" option offered by web apps
- D
Using weak passwords
- ✓
- Question 9
Developers might have printed credentials entered by the user to the console for testing purposes.
This data can be exposed by accessing the log file of the application for native apps and from the browser console for web apps.
This vulnerability is due to data leakage and can be classified under which category?
- ✓
Insecure Data Storage
Correct - B
Insecure Communication
- C
Insecure Authentication
- D
Code Tampering
- ✓
- Question 10
Enacted in 2002, this US Act requires a company to store financial records of the last 5 years and holds the CEO and the CFO of a company responsible in case of any wrongdoing in the company's financial statements. Choose the right one.
- ✓
SOX
Correct - B
HIPAA
- C
ISMS
- D
PCIDSS
- ✓