Answers
What hash function should you use for most general purpose cryptographic hashing? - ✔✔✔SHA-256
What hash function should you consider using for high security environments, though it may have less
support? - ✔✔✔SHA3-256
What hash function should you use for very large messages? - ✔✔✔BLAKE2
What two hash functions should you avoid, as they're now considered insecure? - ✔✔✔MD5 and SHA1
What is the difference between hash functions and checksum functions? - ✔✔✔Hash functions have
stronger collision resistance, checksums are faster. Checksums are not useful for security.
What module do you use for cryptographic hashing in Python? - ✔✔✔hashlib
What 3 properties characterize hash functions? - ✔✔✔1. Deterministic behavior 2. Fixed-length hash
values 3. Avalanche effect
What is the logging numeric value for DEBUG? - ✔✔✔10
What does logging.DEBUG indicate? - ✔✔✔Detailed information, typically only of interest to a
developer trying to diagnose a problem.
What is the logging numeric value for INFO? - ✔✔✔20
What does logging.INFO indicate? - ✔✔✔Confirmation that things are working as expected
What is the logging numeric value for WARNING? - ✔✔✔30
What does logging.WARNING indicate? - ✔✔✔Something unexpected happened, or that a problem
might occur in the near future. Software is still working as expected.
What is the logging numeric value for ERROR? - ✔✔✔40
What does logging.ERROR indicate? - ✔✔✔Software has not been able to perform some function due to
a more serious problem.
What is the logging numeric value for CRITICAL? - ✔✔✔50
What does logging.CRITICAL indicate? - ✔✔✔A serious error, indicating that the program itself may be
unable to continue running.
Should you use the secrets or random module for generating secure random numbers? - ✔✔✔secrets
What do keyed hash functions do? - ✔✔✔Hash functions using different keys produce different hash
values of the same message. Hash functions using the same key produce matching hash values of the
same message. Ensures data authentication.
What are HMAC functions? - ✔✔✔A generic way to use any ordinary hash function as though it were a
keyed hash function, since most hash functions don't support keys natively. Takes 3 inputs: message,
key, ordinary cryptographic hash function.
What is a timing attack? - ✔✔✔Attacker obtains hints about private information by measuring the time
a system takes to perform an operation (e.g., string comparison)
How can you avoid a timing attack with the hmac module? - ✔✔✔You can use compare_digest in place
of ==. This always compares all characters before it returns thus preventing timing attack vulnerabilities.
What is a side channel attack? - ✔✔✔Derives unauthorized information by measuring any physical side
channel (such as time, sound, power consumption, electromagnetic radiation, radio waves, and heat)