Questions & Answers
Attack Surface - ✔✔✔- the sum of all potential entry points
Common examples of attacks that take advantage of systems with insufficient input validation? - ✔✔✔- SQLi
- RCE
- host header attack
- denial of service
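Two of the attacks above, shown in working Python as an added example (not code from the original page): a SQL injection that succeeds because untrusted input is spliced into the query text, beside the parameterised query that blocks it, and an allow-list check for the HTTP Host header of the kind that defeats host header attacks. The table, user rows, payload and host names are constructed for the example.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Build an in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """Untrusted input is spliced into the SQL text: the classic SQLi bug."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Parameterised query: the value travels separately from the SQL text,
    so quotes in the input cannot alter the statement's structure."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def host_allowed(host_header, allowed_hosts):
    """Allow-list check for the HTTP Host header (the same idea as Django's
    ALLOWED_HOSTS setting). Strips an optional :port, keeps bracketed IPv6
    literals intact, and compares case-insensitively."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal, e.g. [::1]:8000
        end = host.find("]")
        if end == -1:
            return False
        host = host[: end + 1]
    elif ":" in host:                        # hostname:port
        host = host.rsplit(":", 1)[0]
    return host in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(find_user_vulnerable(db, payload))   # every row leaks
    print(find_user_safe(db, payload))         # [] : no such user
    print(host_allowed("Example.COM:8443", ["example.com"]))
    print(host_allowed("evil.example.net", ["example.com"]))
```

The payload turns the vulnerable statement into `WHERE name = '' OR '1'='1'`, which matches every row; the parameterised version looks for a user literally named `' OR '1'='1` and finds none. The Host check compares the whole hostname against the allow-list rather than using a substring or suffix match, so `example.com.evil.net` is rejected.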
Defense in Depth - ✔✔✔- each layer of security is dual-purpose
1) resists an attack
2) acts as a backup when other layers fail
Most common symmetric encryption algorithm? - ✔✔✔- AES
Most common hashing algorithm? - ✔✔✔- SHA-2
Resource sharing protocol for browsers? - ✔✔✔- CORS
- Cross-origin resource sharing
CSP - ✔✔✔- Content Security Policy
- browser-enforced standard for mitigating injection attacks such as XSS
Security Fundamentals - ✔✔✔- Data integrity: has the data changed
- Authentication: who are you?
- Data authentication: who created the data?
- Nonrepudiation: who did what?
- Authorization: what can you do?
- Confidentiality: who can access this?
Python's answer to cryptographic hashing? - ✔✔✔- hashlib module
Secure random number generation? - ✔✔✔- secrets module
Hash-based message authentication? - ✔✔✔- hmac module
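The three standard-library modules above, exercised together in an added example that is not part of the original page: hashlib for an integrity digest, secrets for tokens drawn from the OS CSPRNG, and hmac for a keyed tag that also answers "who created the data?", verified with a constant-time comparison. The key and message are constructed inputs.

```python
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Integrity check: a SHA-256 digest answers 'has the data changed?'
    but not 'who made it', since anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def new_token(nbytes: int = 32) -> str:
    """URL-safe random token from the OS CSPRNG. Never use the random
    module for session IDs, reset links or API keys."""
    return secrets.token_urlsafe(nbytes)


def sign(key: bytes, message: bytes) -> str:
    """Data authentication: only a holder of `key` can produce this tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time. A plain `==` stops at
    the first mismatching byte and leaks the match length through timing."""
    expected = sign(key, message)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed sample inputs for this example.
    key = b"key"
    msg = b"The quick brown fox jumps over the lazy dog"
    print(sha256_hex(b"abc"))
    print(new_token())
    tag = sign(key, msg)
    print(tag)
    print(verify(key, msg, tag))                              # True
    print(verify(key, msg.replace(b"lazy", b"busy"), tag))    # False
```

None of these is a password hash: a bare SHA-2 digest is far too fast to resist offline guessing, which is why the next card points to Argon2 (argon2-cffi) for passwords.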
Password hashing function (and its Python package)? - ✔✔✔- Argon2 (argon2-cffi)
Python package for common cryptographic functions? - ✔✔✔- cryptography
A safer way to parse XML? - ✔✔✔- defusedxml
WSGI HTTP server written in Python? - ✔✔✔- Gunicorn
Python dependency and virtual-environment manager? - ✔✔✔- pipenv
Easy-to-use HTTP library? - ✔✔✔- requests
Client-side OAuth 2.0 implementation? - ✔✔✔- requests-oauthlib
Django server-side implementation for CORS? - ✔✔✔- django-cors-headers
Server-side implementation of CSP? - ✔✔✔- django-csp
Server-side OAuth 2.0 implementation? - ✔✔✔- Django OAuth Toolkit