Bird
Raised Fist0
Prompt Engineering / GenAIml~20 mins

Rate limiting and abuse prevention in Prompt Engineering / GenAI - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepModelTryChallengeExperimentRecallMetrics

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Rate Limiting Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:00remaining
Understanding Rate Limiting Purpose
Why is rate limiting important in AI service APIs?
ATo increase the speed of AI model training
BTo prevent excessive use that can overload servers and degrade service quality
CTo improve the accuracy of AI predictions by limiting data input
DTo reduce the size of AI models for faster downloads
Attempts:
2 left
💡 Hint
Think about what happens when too many requests come at once.
Model Choice
intermediate
1:30remaining
Choosing a Rate Limiting Strategy
Which rate limiting strategy allows a user to make bursts of requests but limits the average rate over time?
AFixed window limiting
BNo rate limiting
CToken bucket algorithm
DLeaky bucket algorithm
Attempts:
2 left
💡 Hint
This algorithm uses tokens to allow bursts but controls the overall rate.
Predict Output
advanced
2:00remaining
Output of Rate Limiting Code Snippet
What is the output of this Python code simulating a fixed window rate limiter?
Prompt Engineering / GenAI
import time

class FixedWindowLimiter:
    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window_seconds = window_seconds
        self.request_times = []

    def allow_request(self):
        current_time = time.time()
        # Remove requests outside the current window
        self.request_times = [t for t in self.request_times if t > current_time - self.window_seconds]
        if len(self.request_times) < self.limit:
            self.request_times.append(current_time)
            return True
        else:
            return False

limiter = FixedWindowLimiter(limit=3, window_seconds=5)
results = []
for _ in range(5):
    results.append(limiter.allow_request())
    time.sleep(1)
print(results)
A[True, True, False, False, False]
B[False, False, False, False, False]
C[True, True, True, True, False]
D[True, True, True, False, False]
Attempts:
2 left
💡 Hint
The limiter allows 3 requests per 5 seconds window.
Metrics
advanced
1:30remaining
Evaluating Abuse Prevention Effectiveness
Which metric best measures how well a rate limiter prevents abuse without blocking legitimate users?
AFalse positive rate (blocking good users)
BAverage response time of the server
CNumber of API endpoints
DModel accuracy on training data
Attempts:
2 left
💡 Hint
Think about mistakenly blocking users who should be allowed.
🔧 Debug
expert
2:00remaining
Debugging Token Bucket Implementation
Given this token bucket rate limiter code, what error will occur when calling allow_request() repeatedly without waiting?
Prompt Engineering / GenAI
import time

class TokenBucket:
    def __init__(self, capacity, refill_rate):
        self.capacity = capacity
        self.tokens = capacity
        self.refill_rate = refill_rate
        self.last_refill = 0

    def allow_request(self):
        current_time = time.time()
        elapsed = current_time - self.last_refill
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last_refill = current_time
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        else:
            return False

bucket = TokenBucket(5, 1)
for _ in range(10):
    print(bucket.allow_request())
ANameError because time module is not imported
BValueError due to negative tokens
CNo error, prints True for first 5 calls then False
DZeroDivisionError in refill calculation
Attempts:
2 left
💡 Hint
Check if all required modules are imported.

Practice

(1/5)
1. What is the main purpose of rate limiting in AI services?
easy
A. To improve the accuracy of AI models
B. To increase the speed of AI predictions
C. To stop too many requests from one user in a short time
D. To reduce the size of the AI model

Solution

  1. Step 1: Understand rate limiting concept

    Rate limiting is designed to control how many requests a user can make in a short period.

  2. Step 2: Identify the main goal

    The goal is to prevent overload and abuse by stopping too many requests quickly.

  3. Final Answer:

    To stop too many requests from one user in a short time -> Option C

  4. Quick Check:

    Rate limiting = stop excess requests [OK]
Hint: Rate limiting controls request frequency to prevent overload [OK]
Common Mistakes:
  • Confusing rate limiting with improving model accuracy
  • Thinking rate limiting speeds up predictions
  • Assuming rate limiting reduces model size
2. Which Python code snippet correctly implements a simple rate limiter that blocks requests after 5 calls?
easy
A. if requests_count >= 5: block_request()
B. if requests_count == 5: allow_request()
C. if requests_count < 5: block_request()
D. if requests_count > 5: block_request()

Solution

  1. Step 1: Understand the condition for blocking

    We want to block requests when the count reaches or exceeds 5, so >= 5 is correct.

  2. Step 2: Check each option

    if requests_count >= 5: block_request() uses '>= 5' to block requests, which matches the requirement.

  3. Final Answer:

    if requests_count >= 5: block_request() -> Option A

  4. Quick Check:

    Block when count is 5 or more = >= 5 [OK]
Hint: Use '>=' to include the limit value when blocking [OK]
Common Mistakes:
  • Using '>' misses blocking exactly at 5
  • Using '<' blocks too early
  • Allowing request at count 5 instead of blocking
3. Given the code below, what will be printed after 7 calls to check_request()? 
requests_count = 0
def block_request():
    print('Blocked')
def allow_request():
    print('Allowed')
def check_request():
    global requests_count
    requests_count += 1
    if requests_count >= 5:
        block_request()
    else:
        allow_request()

for _ in range(7):
    check_request()
medium
A. Allowed printed 7 times
B. Blocked printed 5 times, Allowed printed 2 times
C. Allowed printed 5 times, Blocked printed 2 times
D. Allowed printed 4 times, Blocked printed 3 times

Solution

  1. Step 1: Track requests_count and output

    For calls 1 to 4, requests_count is less than 5, so 'Allowed' prints. For calls 5 to 7, requests_count is 5 or more, so 'Blocked' prints.

  2. Step 2: Count prints

    'Allowed' prints 4 times, 'Blocked' prints 3 times.

  3. Final Answer:

    Allowed printed 4 times, Blocked printed 3 times -> Option D

  4. Quick Check:

    4 Allowed + 3 Blocked = 7 calls [OK]
Hint: Count calls before and after limit to find outputs [OK]
Common Mistakes:
  • Counting 'Allowed' as 5 times instead of 4
  • Confusing when blocking starts
  • Ignoring global variable increment
4. The following code is meant to block requests after 2 calls, but it blocks after 3 calls instead. What is the error? 
requests_count = 0
def check_request():
    global requests_count
    requests_count += 1
    if requests_count > 3:
        print('Blocked')
    else:
        print('Allowed')
medium
A. The requests_count should start at 1, not 0
B. The condition should be '>= 3' instead of '> 3'
C. The print statements are reversed
D. The global keyword is missing

Solution

  1. Step 1: Analyze the blocking condition

    The code blocks only when requests_count > 3, so blocking starts at 4th call, not 3rd.

  2. Step 2: Fix condition to block at 3 calls

    Changing condition to '>= 3' will block starting at the 3rd call as intended.

  3. Final Answer:

    The condition should be '>= 3' instead of '> 3' -> Option B

  4. Quick Check:

    Block at 3 calls means '>= 3' [OK]
Hint: Use '>=' to include the limit call in blocking [OK]
Common Mistakes:
  • Using '>' blocks too late
  • Starting count at 1 instead of 0 is unnecessary
  • Forgetting global keyword (but it's present here)
5. You want to prevent abuse by limiting users to 10 requests per minute. Which approach best combines rate limiting with user tracking in Python?
hard
A. Use a dictionary to store user IDs with timestamps of their requests, then block if more than 10 in last 60 seconds
B. Reset a global request count every minute without user distinction
C. Block all requests after 10 total requests regardless of user
D. Allow unlimited requests but slow down responses after 10 requests

Solution

  1. Step 1: Understand per-user rate limiting

    To limit requests per user, we must track each user's request times separately.

  2. Step 2: Choose data structure and logic

    A dictionary with user IDs as keys and timestamps as values lets us count requests in the last 60 seconds and block if over 10.

  3. Final Answer:

    Use a dictionary to store user IDs with timestamps of their requests, then block if more than 10 in last 60 seconds -> Option A

  4. Quick Check:

    Per-user tracking + time window = dictionary with timestamps [OK]
Hint: Track each user's timestamps to count requests per minute [OK]
Common Mistakes:
  • Using global count ignores individual users
  • Blocking all users after total requests causes unfair blocking
  • Slowing responses is not strict rate limiting