Questions

  1. MD5 | SHA1 | XOR | ARC4—these are the insecure code indicators for which one of the following?
    1. Weak Encryption
    2. Insecure protocol
    3. Hardcoded information
    4. Command injection
  2. What kind of source code security issue can be identified with a low false-positive rate?
    1. Weak encryption
    2. Insecure protocol
    3. Weak random
    4. All of the above
  3. Which APIs are at risk of command injection?
    1. system
    2. execl
    3. ShellExecute
    4. All of the above
  4. What can lead to XXE injection?
    1. Failing to disable the external DTD configuration
    2. No prepared statement
    3. The use of eval
    4. No output encoding
  5. What APIs are related to XXE handling?
    1. SAXParser
    2. SchemaFactory
    3. DocumentBuilderFactoryImpl
    4. All of the above
  6. Which of these is a correct statement about the deserialization security issue?
    1. Serialization is the process in Java of converting the state of an object into a byte stream (serialized object), which can be stored in files, memory, or a database. Deserialization is the reverse process, involving the creation of an object based on the byte stream.
    2. readObject is the API that may be vulnerable to a deserialization security issue.
    3. The deserialization security issue may result in an RCE attack.
    4. All of the above.