Interview Questions and Answers for 'Security' | Search Java Interview Question - javasearch.buggybread.com
Javasearch.buggybread.com
Share

Search Interview Questions


 3193 questions in repository.
 There are more than 200 unanswered questions.
Click here and help us by providing the answer.
 Have a video suggestion.
Click Correct / Improve and please let us know.
Label / Company      Label / Company / Text

   



Spring Security


   




Interview Questions and Answers for 'Security' - 18 question(s) found - Order By Newest

Advanced level question. Frequently asked in High end product companies. Frequently asked in Cognizant and Deloitte ( Based on 2 feedback )
  Q1. Why is String immutable in Java ?Core Java
Anonymous
Ans. 1. String Pool - When a string is created and if it exists in the pool, the reference of the existing string will be returned instead of creating a new object. If string is not immutable, changing the string with one reference will lead to the wrong value for the other references.

Example -

String str1 = "String1";
String str2 = "String1"; // It doesn't create a new String and rather reuses the string literal from pool

// Now both str1 and str2 pointing to same string object in pool, changing str1 will change it for str2 too

2. To Cache its Hashcode - If string is not immutable, One can change its hashcode and hence it's not fit to be cached.

3. Security - String is widely used as parameter for many java classes, e.g. network connection, opening files, etc. Making it mutable might possess threats due to interception by the other code segment.

 Help us improve. Please let us know the company, where you were asked this question :   


   Like      Discuss      Correct / Improve     java   oops   string   string class   immutable  immutability   advanced     Barclays  Jungo  Cloudera  Allston  Man Group  Prokarma  Optimus  Gamesys  ABS  TransPerfect  Fidelity  Deloitte  Zalando  Cognizant (CTS)  Zeta Interactive  SuccessFactors   EchoStar  InterGlobe Technologies  HCL Technologies  Intuit  JP Morgan  Optimus Information  Faichi Solutions  Blip  Adobe  Subex Limited  Remo Software  Allstate  IBM  Bizmatics  Bytecode Cyber Security  Calsoft Systems  IDS Infotech  Nakisa  HSBC      expert        frequent

Try 4 Question(s) Test


 Q2. How does making string as immutable helps with securing information ? How does String Pool pose a security threat ?Core Java2017-06-22 11:32:57

Ans. String is widely used as parameter for many java classes, e.g. network connection, opening files, etc. Making it mutable might possess threats due to interception by the other code segment or hacker over internet.

Once a String constant is created in Java , it stays in string constant pool until garbage collected and hence stays there much longer than what's needed. Any unauthorized access to string Pool pose a threat of exposing these values.


 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     Security  String pool   string immutable  immutability      expert        rare


Frequently asked in all types of companies especially Indian Services companies. Frequently asked in CTS (Based on 2 feedback)
  Q3. What is the use of hashcode in Java ?Core Java
Anonymous
Ans. Hashcode is used for bucketing in Hash implementations like HashMap, HashTable, HashSet etc. The value received from hashcode() is used as bucket number for storing elements. This bucket number is the address of the element inside the set/map. when you do contains() then it will take the hashcode of the element, then look for the bucket where hashcode points to and if more than 1 element is found in the same bucket (multiple objects can have the same hashcode) then it uses the equals() method to evaluate if object are equal, and then decide if contain() is true or false, or decide if element could be added in the set or not.

 Help us improve. Please let us know the company, where you were asked this question :   


   Like      Discuss      Correct / Improve     java   collections   hashcode   advanced  hashtable     Cognizant (CTS)  Compro Technologies  VigLink  Proofpoint  Accolite  Foot Locker  IMC Trading  LG Mobile Phones  Probity Soft  EPPS Infotech  AbeBooks  LiquidNet  Google  Girmiti Software  Hashcode IT Solutions  Aurionpro Solutions  Insonix  Genpact  Trentor  CatalystOne Solutions  RedBlink  Bayatree Infocom  Security Weaver  Steg Technologies  Roshi Software Solutions  DreamSoft4u  Decipher Zone Softwares  Precise Automation & Robotics  Componence  Dainik Navajyoti  Bodacious IT Hub  Naggaro      intermediate        frequent

Try 1 Question(s) Test


Advanced level question usually asked to senior developers , leads and architects.
 Q4. How does volatile affect code optimization by compiler?Core Java
Admin
info@buggybread.com
Ans. Volatile is an instruction that the variables can be accessed by multiple threads and hence shouldn't be cached. As volatile variables are never cached and hence their retrieval cannot be optimized.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     java   java keywords   volatile   synchronization   compiler optimization   variable caching   architecture     Embedded security  Driver engineer  Sokrati      expert


 Q5. Java doesn't provide exclusive access to memory like C/C++ and other lower level languages ? What are the advantanges and disadvantages ?Core Java2017-05-20 16:22:05

Ans. Yes, doesn't provide exclusive access as we cannot allocate and deallocate memory exclusively as Java internally manages it. The advantage of this is that it relieves the coder for such tasks and helps protect from many bugs that may get introduced with imperfect coding. Moreover as java garbage collector collects all unclaimed memory or objects, it helps the application from memory leaks.

On the flip side , as coder doesn't have extensive excess to memory , it is upto java to decide on the state for programming construct and data storage and hence may introduce some security risks. For example - Java keeps string literals in string pool and there is no exclusive way to remove it and hence may stay and sensitive data in string pool may introduce security issues. Moreover when we overwrite a value or object for a variable / reference, it is upto java to purge those values and hence it may stay in memory for a while till java decide that it is no longer referenced and hence should be removed and hence makes it vulnerable for inappropriate access.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     disadvantages of garbage collection  advantages and disadvantages of java memory management  java for security applications  java with sensitive data  memory management


 Q6. Can a EC2 instance have multiple Security Groups ? Can a single security group be assigned to multiple Ec2 instances ? If either of them is true , doesn't it result in conflict ?Amazon Web Services (AWS)2019-01-17 21:01:56

Ans. We can assign multiple security groups to single instance and we can use single security group with multiple instances.

It never results in conflict as security groups only have allow rules and no deny rules. Multiple security groups for an instance results in union of all rules.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     aws ec2  aws computing  amazon cloud computing  amazon ec2  aws security group


 Q7. What is a certificate authority ?Security2017-01-23 12:58:48

Ans. A trusted organization which issues public key certificates and provides identification to the bearer.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     authentication  auth certificates


 Q8. What is ACL ?Operating System2017-03-01 09:45:12

Ans. Access Control List or ACL is the list of permissions attached to an object in the File System.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     acl  file system  file security  object security  operating system


 Q9. Can you tell something about Web security ?Web2018-06-26 19:15:58

 This question was recently asked at 'Symantec'.This question is still unanswered. Can you please provide an answer.


 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     web security     Symantec



Do you think these are the Best Java Frameworks ?

OpenXavaSPRING MVCApache StripesCheck everything
that is Best in Java

Click Here



  Q10. What are the types of authentication used in Web services ?Web Service2018-07-14 11:02:27

Ans. Encrypted User Name / Password
Encrypted Password within Cookie
Encrypted Tokens
IP
Client Certificates
Oauth

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     authentication  security  web service     Infor  Symantec  Proofpoint  Sofi  Lockheed Martin  Booz Allen  Deloitte  Accenture  Accenture India  HCL Technologies  Palantir  VMware      basic        frequent


 Q11. Have you ever changed IAM policy ?Amazon Web Services (AWS)2018-10-26 11:42:11

Ans. Yes I did it for an execution role of a Lambda function to give it write access on S3 bucket.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     aws security  aws iam  amazon iam


 Q12. What is DDOS attack ?Security2018-10-29 09:04:07

Ans. DDOS is denial of service attack in which the hacker seeks to make a machine or resource unavailable to its expected users by disrupting services.

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     ddos  cyber security


 Q13. What is XSS or Cross site scripting ?Security2018-11-14 12:52:40

 This question was recently asked at 'USAA , BlueCoat,Symantec'.This question is still unanswered. Can you please provide an answer.


 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve          USAA    BlueCoat  Symantec


 Q14. Which IAM policy condition key should be used if you want to check whether the request was sent using SSL?Amazon Web Services (AWS)2019-01-08 15:55:37

Ans. AWS: secure transport

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     aws security  aws iam  amazon iam


 Q15. How have you configured Security Groups ?Amazon Web Services (AWS)2019-01-17 20:55:41

 This question is still unanswered. Can you please provide an answer.


 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     aws security group


 Q16. Can we deny access for particular IP using Security Groups ?Amazon Web Services (AWS)2019-01-17 21:03:43

Ans. No, We can do that through ACL

 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     aws security group


 Q17. Describe best practices with respect to AWS security groups ?Amazon Web Services (AWS)2019-01-25 18:00:27

 This question was recently asked at 'SparkPost'.This question is still unanswered. Can you please provide an answer.


 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     aws security groups     SparkPost


 Q18. If you are asked to develop a financial system, how would you make sure that there are proper checks , balances and audits ?Solution2019-01-31 20:29:03

 This question was recently asked at 'BzzAgent'.This question is still unanswered. Can you please provide an answer.


 Help us improve. Please let us know the company, where you were asked this question :   

   Like      Discuss      Correct / Improve     Design  Security     BzzAgent




Subscribe to Java News and Posts. Get latest updates and posts on Java from Buggybread.com
Enter your email address:
Delivered by FeedBurner



comments powered by Disqus
 

Help us and Others Improve. Please let us know the questions asked in any of your previous interview.

Any input from you will be highly appreciated and It will unlock the application for 10 more requests.

Company Name:
Questions Asked:
         

X Close this

X Close this

Help Us Improve.
Please share your
interview experience.

Company Name:   


Questions Asked: