Questions & Answers 2025
What are some common debugging techniques? - ✔✔✔- printing out values of variables
- changing the state ("path") of the program to make it do different things
- stepping through the execution of a program line by line
- breakpoints
- trace points
- stopping the program at certain events
- viewing the output of a program in a debugger window
What are some Python debugging tools? - ✔✔✔- pdb: most commonly used
- Web-PDB
- wdb
- Pyflame
- objgraph
XML External Entity Attacks - ✔✔✔- XXE
- when attackers exploit an XML parser to read arbitrary files on your server
- attackers might also be able to read config files, retrieve user information
Insecure Deserialization - ✔✔✔- serialization is the conversion of an object in a programming language into a format that can be saved to a database
- DEserialization is when a serialized object is read from a file or the network and converted back into an object
- INSECURE DESERIALIZATION occurs when an attacker can manipulate the serialized object and achieve authentication bypass, DOS, or arbitrary code execution
Injection Attacks - ✔✔✔- when an application cannot properly distinguish between untrusted user data and code
- typically allows for arbitrary code execution
SQL Injection Attack Mitigation - ✔✔✔- use parameterized statements
Log Injection Attack Mitigation - ✔✔✔- prefixing log entries with meta-data (e.g. timestamp)
- validate the entry before accessing or opening
Sensitive Data Leaks - ✔✔✔- occurs when an application fails to properly protect sensitive information
- this typically occurs through descriptive response headers, descriptive error messages with stack traces or database error messages, or revealing comments in HTML files
Cross-site Request Forgery - ✔✔✔- client-side technique used to attack other users of a web application
- attackers send HTTP requests that pretend to come from the victim
- attackers then carry out unwanted actions such as changing a password or transferring money from a bank account
CSRF Mitigation - ✔✔✔- CSRF tokens
- SameSite cookies
- avoid using GET requests for state-changing actions
SSRF - ✔✔✔- Server-side Request Forgery
- attacker is able to send requests on behalf of the server
- allows attackers to forge the request signature and assume a privileged position on a network, bypassing firewall controls, and gaining access to internal services
SSRF Mitigation - ✔✔✔- never make outbound requests based on user input
- validate external addresses before initiating any outbound requests
PDB - ✔✔✔- debugger built into the Python standard library
Which three actions are supported by the Python Debugger (PDB)? (Choose 3 answers.) - ✔✔✔- establishing breakpoints
- code step throughs
- stack tracing
Which three debugging techniques require the use of a debugger? (Choose 3 answers.) - ✔✔✔- trace points
- breakpoints
- code step through
What do system monitoring and review of audit trails provide? - ✔✔✔- Accountability
What are the logging levels and values? - ✔✔✔- DEBUG = 10
- INFO = 20
- WARNING = 30
- ERROR = 40
- CRITICAL = 50
Which logging function may indicate an impending full disk? - ✔✔✔- WARNING
- indicates that there could be a problem in the immediate future
What does DEBUG indicate? - ✔✔✔- only used when diagnosing software problems
What does CRITICAL indicate? - ✔✔✔- indicates catastrophic code malfunction
What does ERROR indicate? - ✔✔✔- indicates code malfunction
What is defensive programming? - ✔✔✔- assuming mistakes will happen and guarding against them