D385 Software Security and Testing
2025/2026 Exam Questions and Correct
Answers | New Update
Sanitize outbound log messages - 🧠 ANSWER ✔✔What is the primary
defense against log injection attacks?
Access the user's data - 🧠 ANSWER ✔✔An attacker exploits a cross-site
scripting vulnerability. What is the attacker able to do?
eval() - 🧠 ANSWER ✔✔Which Python function is prone to a potential code
injection attack?
Check functional preconditions and postconditions - 🧠 ANSWER ✔✔What
are two common defensive coding techniques?
test - 🧠 ANSWER ✔✔Which package is meant for internal use by Python
for regression testing?
,type() - 🧠 ANSWER ✔✔Which Python function is used for input validation?
Broken access control - 🧠 ANSWER ✔✔A security analyst has noticed a
vulnerability in which an attacker took over multiple users' accounts. Which
vulnerability did the security analyst encounter?
Implement resource and field-level access control - 🧠 ANSWER ✔✔When
creating a new user, an administrator must submit the following fields to an
API endpoint:
Name
Email Address
Password
IsAdmin
What is the best way to ensure the API is protected against privilege
escalation?
Exploiting query parameters - 🧠 ANSWER ✔✔Which method is used for a
SQL injection attack?
, response.content - 🧠 ANSWER ✔✔Which response method, when sent a
request, returns information about the server's response and is delivered
back to the console?
Override same starting policy for specific resources - 🧠 ANSWER ✔✔What
does cross-origin resource sharing (CORS) allow users to do?
MSAL - 🧠 ANSWER ✔✔Which protocol caches a token after it has been
acquired?
200 - 🧠 ANSWER ✔✔OK - Your request was successful
201 - 🧠 ANSWER ✔✔CREATED - Your request was accepted, and the
resource was created
400 - 🧠 ANSWER ✔✔BAD REQUEST - Your request is either wrong or
missing information
401 - 🧠 ANSWER ✔✔UNAUTHORIZED - Your request requires additional
permissions
403 - 🧠 ANSWER ✔✔FORBIDDEN - website can be reached, but more
permissions needed before accessing further
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
2025/2026 Exam Questions and Correct
Answers | New Update
Sanitize outbound log messages - 🧠 ANSWER ✔✔What is the primary
defense against log injection attacks?
Access the user's data - 🧠 ANSWER ✔✔An attacker exploits a cross-site
scripting vulnerability. What is the attacker able to do?
eval() - 🧠 ANSWER ✔✔Which Python function is prone to a potential code
injection attack?
Check functional preconditions and postconditions - 🧠 ANSWER ✔✔What
are two common defensive coding techniques?
test - 🧠 ANSWER ✔✔Which package is meant for internal use by Python
for regression testing?
,type() - 🧠 ANSWER ✔✔Which Python function is used for input validation?
Broken access control - 🧠 ANSWER ✔✔A security analyst has noticed a
vulnerability in which an attacker took over multiple users' accounts. Which
vulnerability did the security analyst encounter?
Implement resource and field-level access control - 🧠 ANSWER ✔✔When
creating a new user, an administrator must submit the following fields to an
API endpoint:
Name
Email Address
Password
IsAdmin
What is the best way to ensure the API is protected against privilege
escalation?
Exploiting query parameters - 🧠 ANSWER ✔✔Which method is used for a
SQL injection attack?
, response.content - 🧠 ANSWER ✔✔Which response method, when sent a
request, returns information about the server's response and is delivered
back to the console?
Override same starting policy for specific resources - 🧠 ANSWER ✔✔What
does cross-origin resource sharing (CORS) allow users to do?
MSAL - 🧠 ANSWER ✔✔Which protocol caches a token after it has been
acquired?
200 - 🧠 ANSWER ✔✔OK - Your request was successful
201 - 🧠 ANSWER ✔✔CREATED - Your request was accepted, and the
resource was created
400 - 🧠 ANSWER ✔✔BAD REQUEST - Your request is either wrong or
missing information
401 - 🧠 ANSWER ✔✔UNAUTHORIZED - Your request requires additional
permissions
403 - 🧠 ANSWER ✔✔FORBIDDEN - website can be reached, but more
permissions needed before accessing further
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
