D385: Logging and Security Issues Exam Questions and Answers 100% Pass
What are some common debugging techniques? - CORRECT ANSWER-- printing out values of variables
- changing the state ("path") of the program to make it do different things
- stepping through the execution of a program line by line
- breakpoints
- trace points
- stopping the program at certain events
- viewing the output of a program in a debugger window
What are some Python debugging tools? - CORRECT ANSWER-- pdb: most commonly used
- Web-PDB
- wdb
- Pyflame
- objgraph
XML External Entity Attacks - CORRECT ANSWER-- XXE
- when attackers exploit an XML parser to read arbitrary files on your server
- attackers might also be able to read config files, retrieve user information
Insecure Deserialization - CORRECT ANSWER-- serialization is the conversion of an object in a programming language into a format that can be saved to a database
- DEserialization is when a serialized object is read from a file or the network and converted back into an object
- INSECURE DESERIALIZATION occurs when an attacker can manipulate the serialized object and achieve authentication bypass, DOS, or arbitrary code execution
Injection Attacks - CORRECT ANSWER-- when an application cannot properly distinguish between untrusted user data and code
- typically allows for arbitrary code execution
SQL Injection Attack Mitigation - CORRECT ANSWER-- use parameterized statements
COPYRIGHT ALL RIGHTS RESERVED ©️ 2025
Log Injection Attack Mitigation - CORRECT ANSWER-- prefixing log entries with meta-data (i.e. timestamp)
- validate the entry before accessing or opening
Sensitive Data Leaks - CORRECT ANSWER-- occurs when an application fails to properly protect sensitive information
- this typically occurs through descriptive response headers, descriptive error messages with stack traces or database error messages, or revealing comments in HTML files
Cross-site Request Forgery - CORRECT ANSWER-- client-side technique used to attack other users of a web application
- attackers send HTTP requests that pretend to come from the victim
- attackers then carry out unwanted actions such as changing a password or transferring money from a bank account
CSRF Mitigation - CORRECT ANSWER-- CSRF tokens
- SameSite cookies
- avoid using GET requests for state-changing actions
SSRF - CORRECT ANSWER-- Server-side Request Forgery
- attacker is able to send requests on behalf of the server