
Question


Question 1
The use of a white list rather than a black list for input validation is
Select one:
a. irrelevant to the principle of secure defaults
b. relevant to the principle of open design
c. recommended based on the principle of secure defaults
d. not recommended based on the principle of secure defaults

Question 2
The principle of defense in depth says that a system
a. none of the above
b. aim to not rely on a single security control to defend against a threat
c. aim to assume that all security controls used will not fail
d. aim to use a single security control to defend against each threat

Question 3
Following the "Fail to a secure mode" principle, if an error occurs in an application, the application should
Select one:
a. Inform the user that an error occurred and what user should do about it.
b. none of the above
c. Let the operating system display its error conditions to the user
d. Display to the user full details on the type of error and internal system variables.

Question 4
In a typical programming language (e.g. C), suppose x is an unsigned short (16-bit) integer variable with the value 1 before the statement "x = x - 3;" is executed. What would likely be the hex value of x after the statement is executed?
Select one:
a. 65532 (hex 0xfffc)
b. 65534 (hex 0xfffe)
c. 65535 (hex 0xffff)
d. 0 (hex 0x0000)

Question 5
The best way to prevent command injection vulnerabilities is to
Select one:
a. use a command API that takes both commands and data in one argument
b. none of the above
c. use a command API that takes commands and data as separate arguments
d. Strip out dangerous commands from user input
