Financial Services Open Source Developer Exam: Questions and Answers, Exams of Technology

A series of questions and answers related to open source licenses and their implications for financial institutions. It covers topics such as permissive vs. copyleft licenses, contributor license agreements, security vulnerabilities, and intellectual property risks. The questions are designed to test the knowledge of developers working with open source software in the financial sector, focusing on license compliance, security, and best practices. It provides valuable insights into the legal and practical considerations for using open source in a regulated environment.

Typology: Exams

2024/2025

Available from 09/11/2025

BookVenture
Financial Services Open Source Developer Exam
Question 1. Which of the following is a characteristic of a permissive open source license, such as MIT or Apache 2.0?
A) It requires derivative works to be licensed under the same terms
B) It allows code to be used in proprietary software without copyleft obligations
C) It prohibits commercial use
D) It restricts sublicensing
Answer: B
Explanation: Permissive licenses like MIT and Apache 2.0 allow code to be incorporated into proprietary software without imposing the copyleft requirements of licenses like GPL.
Question 2. What distinguishes a strong copyleft license like GPL from a weak copyleft license like LGPL?
A) GPL restricts use in all commercial applications
B) GPL requires all derivative works to be licensed under GPL, while LGPL allows linking with proprietary code
C) LGPL prohibits any modifications
D) GPL allows for proprietary relicensing
Answer: B
Explanation: GPL enforces the same license on all derivative works, while LGPL permits linking with proprietary software under certain conditions.
Question 3. What is the purpose of a Contributor License Agreement (CLA) in open source projects?
A) To restrict use of contributed code
B) To clarify the rights of contributors and the project in using and relicensing contributions
C) To enforce payment for contributors
D) To prevent any modifications to the code
Answer: B
Explanation: CLAs clarify intellectual property rights, ensuring that contributions can be legally used and relicensed by the project.
Question 4. Which license would best suit a company wanting to share code openly but also allow for proprietary use by others?

A) GPLv
B) MIT
C) AGPL
D) MPL
Answer: B
Explanation: The MIT license is highly permissive, allowing free use, modification, and inclusion in proprietary projects.
Question 5. What is a primary concern for financial institutions when consuming open source software?
A) Color schemes of the software
B) Security vulnerabilities and license compliance
C) Brand recognition
D) Software aesthetics
Answer: B
Explanation: Financial institutions must ensure that open source components do not introduce security risks or legal compliance issues.
Question 6. Which of the following best describes the "viral" nature of the GPL license?
A) It spreads malware
B) It requires derivative works to also be licensed under GPL
C) It prohibits code reuse
D) It enforces payment for usage
Answer: B
Explanation: The GPL’s “viral” aspect means any derivative work must also be distributed under the GPL.
Question 7. What does the Apache 2.0 license include that the MIT license does not?
A) Patent grant
B) Copyleft requirements
C) Restriction on commercial use

Explanation: InnerSource uses open source practices but for internal, private projects.
Question 11. In the context of open source, what does "forking" a project mean?
A) Deleting the repository
B) Creating a personal copy to modify independently
C) Closing issues
D) Granting a patent
Answer: B
Explanation: Forking refers to copying a project to develop along a separate path.
Question 12. Which open source license is considered a weak copyleft?
A) LGPL
B) GPL
C) MIT
D) Apache 2.
Answer: A
Explanation: LGPL is a weak copyleft license, as it allows linking to proprietary software under certain conditions.
Question 13. Which of the following is NOT typically a requirement of the MIT License?
A) Including the license text in derived works
B) Making derivative works open source
C) Attribution to original authors
D) Allowing use for any purpose
Answer: B
Explanation: MIT does not require derivatives to be open source, only attribution and inclusion of the license.
Question 14. Why is software copyright important in open source projects?
A) It prevents anyone from using the software
B) It defines ownership and rights for usage and distribution
C) It only applies to proprietary software
D) It is not legally recognized
Answer: B
Explanation: Copyright establishes ownership and usage rights, even in open source contexts.
Question 15. Which of the following would most likely trigger a license compliance issue in a financial institution?
A) Using a GPL library in proprietary software
B) Using MIT-licensed code with proper attribution
C) Using Apache 2.0 with included NOTICE file
D) Using BSD-licensed code
Answer: A
Explanation: Incorporating GPL code into proprietary software can require the entire work to be GPL-licensed, risking compliance.
Question 16. What does the BSD license require for redistribution?
A) Source code must be closed
B) Attribution and inclusion of the license text
C) Payment of royalties
D) No requirements
Answer: B
Explanation: BSD requires attribution and the license text to be included in redistributions.
Question 17. Why might a financial institution prefer using Apache 2.0 over GPL for internal tools?
A) Apache 2.0 prohibits commercial use
B) Apache 2.0 includes a patent grant and is more permissive
C) GPL allows for more restrictive control

Question 21. What is the significance of license compatibility in open source projects?
A) It determines if different open source components can be combined legally
B) It affects the programming language
C) It dictates security settings
D) It is irrelevant for software
Answer: A
Explanation: License compatibility ensures that code under different licenses can be combined without violating terms.
Question 22. Which document typically outlines how contributors grant rights to their code in open source projects?
A) Contributor License Agreement (CLA)
B) End-User License Agreement (EULA)
C) Service Level Agreement (SLA)
D) Memorandum of Understanding (MOU)
Answer: A
Explanation: The CLA defines how contributions can be used and what rights are granted.
Question 23. Which open source license is known for its simplicity and minimal requirements?
A) Apache 2.
B) BSD
C) MIT
D) AGPL
Answer: C
Explanation: MIT is one of the simplest and most permissive licenses.
Question 24. What is the main requirement of strong copyleft licenses for derivative works?
A) They must be relicensed as proprietary
B) They must be licensed under the same copyleft license
C) They must be kept private
D) They must pay royalties
Answer: B
Explanation: Strong copyleft requires derivatives to be licensed under the same terms.
Question 25. What is a "derivative work" in the context of open source licensing?
A) A copy without changes
B) A work based on or incorporating another work
C) A trademarked product
D) An unrelated software
Answer: B
Explanation: Derivative works are those that are based on or incorporate another work.
Question 26. What does “patent grant” in open source licenses like Apache 2.0 mean?
A) Users receive a license to any patents the contributor may hold in the code
B) Users must pay for patents
C) Patents are not allowed
D) Patents become public domain
Answer: A
Explanation: Apache 2.0 grants users a license to contributor-held patents in the code.
Question 27. What is the primary function of vulnerability management in open source consumption?
A) Tracking marketing trends
B) Identifying and remediating security weaknesses in dependencies
C) Speeding up code compilation
D) Improving code readability
Answer: B
Explanation: Vulnerability management aims to find and fix security issues in software dependencies.

C) Regulating company finances
D) Defining open source strategy
Answer: C
Explanation: An OSPO does not manage company finances.
Question 32. Which of the following would NOT be considered a "copyleft" license?
A) GPL
B) MIT
C) AGPL
D) LGPL
Answer: B
Explanation: MIT is permissive, not copyleft.
Question 33. What is a key consideration before publicly releasing a financial institution's internal software as open source?
A) Ensuring no confidential or proprietary information is included
B) Adding as many features as possible
C) Reducing code comments
D) Limiting documentation
Answer: A
Explanation: All confidential/proprietary info must be removed before open sourcing.
Question 34. Which license is best for maximizing software freedom for end users, including the right to modify and redistribute?
A) GPL
B) Commercial
C) EULA
D) Proprietary
Answer: A
Explanation: The GPL maximizes user freedoms, including modification and redistribution.
Question 35. What is the main risk of using outdated open source libraries in financial applications?
A) Increased licensing fees
B) Exposure to unpatched security vulnerabilities
C) Reduced performance
D) Enhanced security
Answer: B
Explanation: Outdated libraries may contain unpatched vulnerabilities.
Question 36. What is the best initial step when adopting a new open source library in a regulated environment?
A) Evaluate the library for security, licensing, and maintenance factors
B) Immediately deploy to production
C) Skip legal review
D) Ignore documentation
Answer: A
Explanation: Evaluation of security, licensing, and maintenance is critical before adoption.
Question 37. Why is it important for financial institutions to document their open source usage?
A) To comply with regulatory, legal, and security requirements
B) To increase marketing
C) For aesthetic reasons
D) To reduce code size
Answer: A
Explanation: Documentation supports compliance in regulated environments.
Question 38. What is dual licensing in open source?
A) Offering software under two different licenses

Question 42. How does a permissive license benefit a commercial software product?
A) Allows integration without copyleft obligations
B) Requires all code to be open sourced
C) Prohibits commercial use
D) Requires patent assignment
Answer: A
Explanation: Permissive licenses allow proprietary integration.
Question 43. What is the primary goal of patch management in open source consumption?
A) Ensuring timely updates to address vulnerabilities and bugs
B) Preventing code reuse
C) Increasing code complexity
D) Avoiding documentation
Answer: A
Explanation: Patch management keeps software secure and stable.
Question 44. Why is it important for financial services firms to monitor CVEs in their open source dependencies?
A) To identify and remediate security risks quickly
B) To increase social media presence
C) To improve branding
D) To change programming languages
Answer: A
Explanation: Monitoring CVEs helps mitigate security risks.
Question 45. What is a "compliance report" in the context of OSS usage?
A) A document detailing open source components and their licenses
B) A marketing brochure
C) A performance test
D) A financial audit
Answer: A
Explanation: Compliance reports track OSS components and licenses for legal and regulatory purposes.
Question 46. What is the role of a "license steward" in an open source project?
A) Managing and clarifying the application of the project’s license
B) Writing all the code
C) Handling marketing
D) Approving all pull requests
Answer: A
Explanation: A license steward oversees licensing issues and interpretations.
Question 47. What is typically included in a CLA (Contributor License Agreement)?
A) Grant of copyright/license to the project
B) Marketing guidelines
C) Payroll information
D) Prohibition of all contributions
Answer: A
Explanation: CLAs grant necessary rights to the project for contributed code.
Question 48. What is the main difference between Apache 2.0 and BSD licenses?
A) Apache 2.0 includes a patent grant; BSD does not
B) BSD is copyleft; Apache is not
C) Apache 2.0 prohibits commercial use
D) BSD requires code secrecy
Answer: A
Explanation: Apache 2.0 includes explicit patent provisions, unlike BSD.

D) Provide marketing content
Answer: A
Explanation: License headers clarify the legal terms for the file.
Question 53. Why is it important for a financial institution to have an open source approval process?
A) To manage risk and ensure compliance
B) To slow down development
C) To increase marketing reach
D) To avoid software updates
Answer: A
Explanation: Approval processes manage legal and security risks.
Question 54. What is the main function of a NOTICE file in open source projects?
A) To include required legal notices and attributions
B) To store error logs
C) To list software features
D) To provide demo code
Answer: A
Explanation: The NOTICE file is for legal notices and attributions.
Question 55. What is a key benefit of using open source software in financial services?
A) Access to community-driven innovation and rapid bug fixes
B) Increased license fees
C) Reduced security
D) Less documentation
Answer: A
Explanation: Open source fosters innovation and community support.
Question 56. What type of license is the Mozilla Public License (MPL)?
A) Weak copyleft
B) Strong copyleft
C) Permissive
D) Proprietary
Answer: A
Explanation: MPL is a file-level weak copyleft license.
Question 57. Which of the following is an example of an SCA (Software Composition Analysis) tool?
A) Black Duck
B) Photoshop
C) Microsoft Word
D) PowerPoint
Answer: A
Explanation: Black Duck is a leading SCA tool.
Question 58. Why should financial institutions maintain a software bill of materials (SBOM)?
A) To track all third-party and open source components for compliance and security
B) For marketing analysis
C) To increase code size
D) For payroll calculations
Answer: A
Explanation: An SBOM lists all components, aiding compliance and risk management.
Question 59. Which of the following best describes the LGPL license?
A) Allows linking with proprietary programs under certain conditions
B) Requires all derivatives to be open source
C) Prohibits commercial use
D) Disallows modification
Answer: A

B) GPL
C) AGPL
D) MPL
Answer: A
Explanation: MIT does not require source disclosure for derivatives.
Question 64. What is the role of a “release manager” in open source governance?
A) Oversee release process and ensure compliance with licensing
B) Write all project code
C) Handle customer complaints
D) Manage payroll
Answer: A
Explanation: Release managers coordinate releases and compliance.
Question 65. What does “license proliferation” refer to in open source?
A) The large number of different open source licenses in use
B) Rapid code duplication
C) Increasing malware
D) Software piracy
Answer: A
Explanation: License proliferation refers to the growing number of OSS licenses.
Question 66. Which of the following is NOT an example of a copyleft license?
A) MIT
B) GPL
C) AGPL
D) LGPL
Answer: A
Explanation: MIT is permissive, not copyleft.
Question 67. What is a “dependency” in software development?
A) An external library or component on which a project relies
B) A marketing plan
C) An employee contract
D) A financial statement
Answer: A
Explanation: Dependencies are external code or libraries a project uses.
Question 68. What is the primary risk of failing to track open source dependencies in a financial application?
A) Inability to address vulnerabilities or license violations
B) Increased code speed
C) More frequent updates
D) Enhanced security
Answer: A
Explanation: Untracked dependencies can introduce vulnerabilities or legal risks.
Question 69. Why do some open source projects require a DCO instead of a CLA?
A) DCO is simpler and relies on a sign-off attestation
B) DCO prohibits contributions
C) DCO allows for proprietary licensing
D) DCO increases code complexity
Answer: A
Explanation: DCO is a simpler way to ensure contributors have the rights to submit code.
Question 70. Which of the following describes a software “fork”?
A) A copy of a project created to develop independently
B) A payroll process