Executive MSC in Information Security
Application Security
FINAL EXAM
Date :
Time : 09.00 am to 11.30 am (150 minutes)
__________________________________________________________
INSTRUCTIONS TO CANDIDATES:
4. Describe how you can apply threat modelling for a mobile application.
[6 Marks]
5. As an application security specialist, what best practices would you
recommend for your organization’s secure application development
lifecycle? Describe any Five with justifications.
[10 Marks]
[Q-02]
1. What is CSRF? Define and briefly explain how it works.
[4 Marks]
2. List Three different types of XSS attacks and briefly describe how a
developer can protect a website from them.
[4 Marks]
4. You have noticed that most of the staff of your organization use web
banking applications on their mobiles and computers. As an
information security specialist, what key advice would you give them?
Justify your recommendations.
[4 Marks]
3. List Three (3) Java Programming Language Platforms and briefly describe
[3 marks]
[Q-04]
1. What is managed and unmanaged code in .NET? Define
[2 marks]
3. How will you achieve application-level security in .NET? Briefly explain.
[4 Marks]
3. Briefly describe how profiles and templates are used to control application
behavior.
[4 Marks]