Which of the following is NOT a basic secure coding practice?

Study for the Certified Associate in Healthcare Information and Management Systems Exam. Utilize flashcards and multiple-choice questions with hints and explanations. Prepare effectively for your healthcare IT certification!

Multiple Choice

Which of the following is NOT a basic secure coding practice?

Explanation:
The idea being tested is which coding practice supports strong security by reducing common weaknesses. Using hard-coded credentials is not a basic secure coding practice because it embeds secrets directly in the code. This makes them easy to discover if the code is exposed or checked into version control, and it prevents proper rotation and revocation of credentials. It also ties the secret to a specific executable or environment, increasing the blast radius if the secret is leaked.

In contrast, validating input helps ensure only expected, safe data enters the system; checking authorization enforces that users can perform only permitted actions; and using parameterized queries prevents SQL injection by treating user-supplied data as data, not executable code. For secure coding, secrets should be managed securely outside of code—using a secrets manager or secure configuration—and rotated regularly.
