D385: Pre-Assessment Questions With Verified Answers Verified 100%
What is the primary defense against log injection attacks?
- do not use parameterized stored procedures in the database
- allow all users to write to these logs
- sanitize outbound log messages
- use API calls to log actions
ANSWER - sanitize outbound log messages

An attacker exploits a cross-site scripting vulnerability. What is the attacker able to do?
- execute a shell command or script
- access the user's data
- discover other users' credentials
- gain access to sensitive files on the server
ANSWER - execute a shell command or script

Which Python function is prone to a potential code injection attack?
- type
- eval
- print
- append
ANSWER - eval

Which package is meant for internal use by Python for regression testing?
- regress test
- doctest
- assert
- test
ANSWER - test

What are two common defensive coding techniques?
- encrypt passwords and email submissions
- check functional preconditions and postconditions
- adjust length and encoding of messages
- develop code with exceptions to find errors
ANSWER - develop code with exceptions to find errors

A security analyst is reviewing code for improper input validation. Which type of input validation does this code show?

    isValidNumber = False
    while not isValidNumber:
        try:
            pickedNumber = int(input('Pick a number from 1 to 10'))
            if pickedNumber >= 1 and pickedNumber <= 10:
                isValidNumber = True
        except:
            print('You must enter a valid number from 1 to 10')
    print('You picked the number ' + str(pickedNumber))

ANSWER - type and range check

Consider the following penetration test:

    import requests
    urls = open("", "r")
    for url in urls:
        url = ()
        req = (url)
        print (url, 'report
        try:
            transport_security = rs['Strict-Transport-Security']
        except:
            print ('HSTS header not set properly')

Which security vulnerability is shown?
- cross-site scripting
- denial of service
- code injection
- man-in-the-middle
ANSWER - man-in-the-middle

A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts
Document information
- Uploaded on
- December 10, 2023
- Number of pages
- 6
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers