PrepIQ Certified Application Security Engineer CASE Ultimate Exam, Exams of Technology

This exam tests secure software development skills across SDLC stages. Topics include secure coding, code review techniques, vulnerability identification, application architecture threats, DevSecOps pipelines, software testing, static/dynamic analysis, API security, mobile app security, and secure deployment. Ideal for developers integrating security into applications and development lifecycles.

Typology: Exams

2025/2026

Available from 05/01/2026

shilpi-jain-3
PrepIQ Certified Blockchain Professional Ultimate Exam
**Question 1.** Which characteristic best distinguishes a distributed ledger from a
centralized database?
A) Use of SQL queries
B) Single point of control
C) Replication of data across multiple nodes
D) Mandatory user authentication
Answer: C
Explanation: Distributed ledgers store identical copies of the ledger on many
independent nodes, eliminating a single controlling authority.
**Question 2.** In the context of DLT, immutability refers to:
A) The ability to edit past transactions freely
B) The permanent recording of data once consensus is reached
C) The requirement for a central administrator to approve changes
D) The use of mutable smart contracts
Answer: B
Explanation: Immutability means that once a block is added and finalized, its data
cannot be altered without breaking consensus.
**Question 3.** Which early system introduced the concept of proof-of-work to
combat email spam?
A) BitTorrent
B) Hashcash
C) SSL
D) PGP
Answer: B
Explanation: Hashcash (1997) required a computational puzzle to be solved before
sending an email, laying groundwork for PoW in blockchain.

**Question 4.** A block header typically contains all of the following EXCEPT:
A) Previous block hash
B) Merkle root of transactions
C) Timestamp
D) List of transaction inputs
Answer: D
Explanation: Transaction inputs belong to the transaction data section, not the block header.
**Question 5.** Which structure is used to efficiently verify the inclusion of a transaction within a block?
A) Binary Search Tree
B) Merkle Tree
C) Linked List
D) Hash Table
Answer: B
Explanation: Merkle trees allow a compact proof (Merkle path) that a transaction is part of a block.
**Question 6.** Public blockchains are also known as:
A) Permissioned networks
B) Consortium ledgers
C) Permissionless networks
D) Private ledgers
Answer: C
Explanation: Public blockchains allow anyone to read, write, and validate without prior permission.

Explanation: Bitcoin tracks unspent transaction outputs rather than account balances.
**Question 10.** In the account model, a transaction modifies:
A) A list of unspent outputs
B) The balance field of an address record
C) The hash of the previous block
D) The Merkle root only
Answer: B
Explanation: Account-based systems (e.g., Ethereum) directly update the balance associated with an address.
**Question 11.** The “double-spend” problem is solved in blockchain by:
A) Central authority verification
B) Using a single-node database
C) Consensus and immutable ordering of transactions
D) Frequent data backups
Answer: C
Explanation: Consensus ensures each transaction is recorded once in a globally agreed order, preventing duplicate spending.
**Question 12.** A hard fork differs from a soft fork because:
A) It is backward compatible
B) It requires all nodes to upgrade to the new rules
C) It only changes transaction fees
D) It never changes consensus rules
Answer: B
Explanation: Hard forks introduce non-compatible changes, forcing nodes to upgrade or be left on a separate chain.
**Question 13.** Sharding primarily addresses which blockchain challenge?
A) Energy consumption
B) Transaction throughput and scalability
C) Private key management
D) Smart contract language support
Answer: B
Explanation: Sharding splits the state and transaction processing across multiple shards, increasing parallelism and capacity.
**Question 14.** Which property is NOT required for a cryptographic hash function used in blockchain?
A) Determinism
B) Collision resistance
C) Reversibility
D) Pre-image resistance
Answer: C
Explanation: Hash functions must be one-way; reversibility would compromise security.
**Question 15.** SHA-256 produces a digest of how many bits?
A) 128 bits
B) 160 bits
C) 256 bits
D) 512 bits

Answer: C
Explanation: Cold hardware wallets keep keys offline, protecting them from internet-based attacks.
**Question 19.** A mnemonic seed phrase is typically generated using which standard?
A) BIP-32
B) BIP-39
C) BIP-44
D) BIP-70
Answer: B
Explanation: BIP-39 defines how to encode entropy into a set of human-readable words.
**Question 20.** Which consensus algorithm is most vulnerable to a “nothing-at-stake” attack if not mitigated?
A) Proof-of-Work
B) Proof-of-Authority
C) Proof-of-Stake
D) Proof-of-Burn
Answer: C
Explanation: In PoS, validators could sign multiple competing forks without cost, necessitating slashing or checkpoint mechanisms.
**Question 21.** In Proof-of-Work, the difficulty adjustment aims to:
A) Increase transaction fees
B) Keep average block time constant
C) Reduce the number of miners
D) Change the hash algorithm
Answer: B
Explanation: Difficulty is retuned periodically to maintain a target block interval despite changes in total hashing power.
**Question 22.** Which of the following best describes a mining pool?
A) A single miner with the highest hash rate
B) A collective of miners sharing rewards proportionally
C) A government-run mining operation
D) A software that disables mining
Answer: B
Explanation: Pools combine hash power to find blocks more regularly and distribute rewards among participants.
**Question 23.** The “nothing-at-stake” problem is mitigated in many PoS designs by:
A) Increasing block size
B) Implementing slashing penalties for misbehavior
C) Removing validators entirely
D) Reverting to PoW
Answer: B
Explanation: Slashing destroys a portion of a validator’s stake if they sign conflicting blocks, discouraging dishonest behavior.
**Question 24.** Delegated Proof-of-Stake (DPoS) selects block producers via:
A) Random hash puzzles

A) Unlimited smart contract functionality
B) High transaction throughput (thousands per second)
C) Fixed block size leading to scalability constraints
D) Native support for confidential transactions
Answer: C
Explanation: Bitcoin’s 1 MB block limit restricts the number of transactions per block, causing scalability challenges.
**Question 28.** An ICO primarily raises funds by:
A) Issuing equity shares on a stock exchange
B) Selling utility tokens to early investors
C) Borrowing from banks
D) Offering bonds
Answer: B
Explanation: Initial Coin Offerings sell newly created tokens that may provide future utility within a platform.
**Question 29.** A decentralized exchange (DEX) differs from a centralized exchange (CEX) because:
A) It holds user funds in a custodial wallet
B) Trades are executed on-chain without a trusted intermediary
C) It requires KYC for all users
D) It only supports fiat currencies
Answer: B
Explanation: DEXs match orders directly on the blockchain, allowing users to retain control of their private keys.

**Question 30.** Which token standard defines non-fungible tokens on Ethereum?
A) ERC-20
B) ERC-721
C) ERC-1155
D) ERC-777
Answer: B
Explanation: ERC-721 introduces unique token IDs, enabling non-fungible assets.
**Question 31.** Gas in Ethereum is used to:
A) Encrypt transaction data
B) Pay for computational resources consumed by a transaction or contract execution
C) Store private keys
D) Mine new blocks
Answer: B
Explanation: Gas measures the amount of work required; users pay ether to cover this cost.
**Question 32.** The “Merge” in Ethereum refers to:
A) The combination of Bitcoin and Ethereum blockchains
B) The transition from PoW to PoS consensus
C) The creation of a new token standard
D) The integration of a new smart-contract language
Answer: B
Explanation: The Merge replaced Ethereum’s PoW engine with the PoS Beacon Chain, finalizing the shift to PoS.

**Question 36.** In Corda, the component responsible for guaranteeing transaction uniqueness is the:
A) Notary service
B) Vault
C) Flow
D) CorDapp
Answer: A
Explanation: Notaries validate that a transaction’s inputs have not been previously consumed, preventing double-spending.
**Question 37.** Which privacy feature is native to Corda’s design?
A) Zero-knowledge proofs for every transaction
B) Point-to-point communication where only involved parties see transaction data
C) Public broadcasting of all states to every node
D) Mandatory tokenization of assets
Answer: B
Explanation: Corda shares transaction data only with participants, preserving confidentiality.
**Question 38.** A “51% attack” threatens a blockchain by:
A) Controlling the majority of network bandwidth
B) Gaining control of over half the consensus power, allowing block reorganization
C) Stealing private keys from users
D) Manipulating smart contract code
Answer: B
Explanation: Controlling >50% of hash power (PoW) or stake (PoS) enables an attacker to rewrite recent history.
**Question 39.** Reentrancy attacks in smart contracts exploit:
A) Incorrect hash functions
B) The ability to call back into the vulnerable contract before state changes are finalized
C) Weak private key generation
D) Improper Merkle tree construction
Answer: B
Explanation: An attacker repeatedly invokes a function (e.g., withdraw) before the contract updates its balance, draining funds.
**Question 40.** Formal verification of smart contracts primarily aims to:
A) Increase transaction speed
B) Prove mathematically that the contract adheres to its specification, eliminating certain bugs
C) Reduce gas costs automatically
D) Convert Solidity code to Python
Answer: B
Explanation: Formal methods use mathematical proofs to ensure contract logic matches intended behavior.
**Question 41.** Which regulatory framework specifically addresses data protection for individuals in the EU?
A) HIPAA
B) GDPR
C) FINRA
D) PCI-DSS

D) The number of nodes in the network
Answer: B
Explanation: Provenance provides an immutable record of an item’s journey from source to consumer.
**Question 45.** Which of the following best describes a “cold wallet”?
A) A wallet that is always connected to the internet
B) A wallet stored offline, such as on a hardware device or paper
C) A wallet that automatically stakes tokens
D) A wallet that uses multi-signature for every transaction
Answer: B
Explanation: Cold wallets keep private keys offline, reducing exposure to online attacks.
**Question 46.** The primary purpose of a “Merkle proof” is to:
A) Encrypt a transaction
B) Demonstrate that a transaction is included in a block without revealing the entire block data
C) Generate a new private key
D) Adjust mining difficulty
Answer: B
Explanation: Merkle proofs provide a concise path from a leaf node to the root, proving inclusion.
**Question 47.** Which consensus algorithm is most energy-efficient for permissioned networks?
A) Proof-of-Work
B) Proof-of-Stake
C) Proof-of-Authority
D) Proof-of-Burn
Answer: C
Explanation: PoA relies on a small set of approved validators, eliminating intensive mining calculations.
**Question 48.** In the context of blockchain, “finality” means:
A) The ability to reverse a transaction at any time
B) The guarantee that once a block is confirmed, it cannot be altered or removed
C) The requirement to pay high transaction fees
D) The existence of a single central authority
Answer: B
Explanation: Finality ensures that a transaction is irrevocably part of the ledger after a certain point.
**Question 49.** Which token standard enables both fungible and non-fungible assets within a single contract?
A) ERC-20
B) ERC-721
C) ERC-1155
D) ERC-777
Answer: C
Explanation: ERC-1155 supports multiple token types—fungible, non-fungible, or semi-fungible—in one contract.
**Question 50.** A “consortium blockchain” is best described as:
A) A fully public network with no access restrictions

A) Miners colluding to increase transaction fees
B) A miner withholding discovered blocks to gain a temporary advantage over honest miners
C) Mining using only renewable energy
D) Mining on a private blockchain
Answer: B
Explanation: Selfish miners keep blocks private to create a longer private chain, potentially overtaking the public chain for greater rewards.
**Question 54.** A “nonce” in PoW mining is used to:
A) Encrypt the transaction data
B) Vary the block header input so that the hash meets the difficulty target
C) Store the private key of the miner
D) Identify the block’s creator
Answer: B
Explanation: Miners increment the nonce to produce different hashes until one satisfies the required difficulty.
**Question 55.** Which of the following is NOT a typical feature of a blockchain “oracle”?
A) Providing off-chain data to smart contracts
B) Storing private keys on the blockchain
C) Ensuring data authenticity through signatures
D) Acting as a bridge between external APIs and on-chain logic
Answer: B
Explanation: Oracles deliver external data; they do not store private keys on the ledger.

**Question 56.** In a token sale, a “soft cap” refers to:
A) The minimum amount of funds required to proceed with the project
B) The maximum number of tokens that can be sold
C) The amount of tokens reserved for the team
D) The fee charged by the exchange
Answer: A
Explanation: The soft cap is the funding threshold below which the project may be aborted or funds returned.
**Question 57.** Which of the following best describes a “state channel” in Ethereum?
A) A permanent on-chain contract that holds user balances
B) An off-chain agreement allowing participants to transact privately and settle later on-chain
C) A method for increasing block size
D) A type of mining pool
Answer: B
Explanation: State channels enable rapid, low-cost interactions off-chain with final settlement recorded on the main chain.
**Question 58.** The “Beacon Chain” in Ethereum’s PoS design primarily handles:
A) Execution of smart contracts
B) Random selection of validators and consensus for block finality
C) Storing transaction data permanently
D) Mining reward distribution via PoW
Answer: B
Explanation: The Beacon Chain coordinates validator duties, randomness, and finality in the PoS system.