Solutions
Which method is used for a SQL injection attack?
- exploiting query parameters
- passing safe query parameters
- using SQL composition
- utilizing literal parameters - ANSWER - exploiting query parameters
Consider the following assertion statement:
def authorizeAdmin(usr):
    assert isinstance(usr, list) and usr != [], "No user found"
    assert 'admin' in usr, "No admin found."
    print("You are granted full access to the application.")

if __name__ == '__main__':
    authorizeAdmin(['user'])
What should be the response after running the code?
- Authorized User
- You are granted full access to the application
- AssertionError: No admin found
- AssertionError: No user found - ANSWER - AssertionError: No admin found
What does cross-origin resource sharing (CORS) allow users to do?
- prevent the passing of credentials
- override same starting policy for specific resources
- protect the client header from exposure
- connect web security models - ANSWER - Override same starting policy for specific resources
Which protocol caches a token after it has been acquired?
- MSAL
- Auth0
- LDAP
- ACL - ANSWER - MSAL
Consider the following API code snippet:
import requests
url = 'https://website.com/'
# Get request
result = requests.get(url)
# Print request
print(result.content.decode())
Which status code will the server return?
- 200
- 400
- 401
- 403 - ANSWER - 200
The user submits the following request to an API endpoint that
requires a header:
import requests
url = 'https://api.github.com/invalid'