
Compression and security headers in NestJS - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What is the effect of applying compression middleware in a NestJS app?

Consider a NestJS application where compression middleware is enabled. What will be the visible effect on the HTTP responses sent to clients?

NestJS
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import * as compression from 'compression';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(compression());
  await app.listen(3000);
}
bootstrap();

A. HTTP responses will be automatically compressed (e.g., gzip) to reduce size before sending to clients.
B. HTTP responses will be cached on the server to improve performance.
C. HTTP responses will include security headers like Content-Security-Policy automatically.
D. HTTP responses will be encrypted with TLS before sending to clients.
💡 Hint

Think about what compression middleware does to the data sent over the network.

📝 Syntax
intermediate
Which option correctly adds Helmet security headers in a NestJS app?

Given the following code snippet, which option correctly applies Helmet middleware to add security headers?

NestJS
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import * as helmet from 'helmet';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  // Apply helmet middleware here
  await app.listen(3000);
}
bootstrap();

A. app.helmet();
B. app.useHelmet();
C. app.use(helmet);
D. app.use(helmet());
💡 Hint

Remember how to apply middleware functions in Express-based NestJS apps.

🔧 Debug
advanced
Why does this NestJS app fail to compress responses?

Review the code below. The developer expects responses to be compressed but they are not. What is the cause?

NestJS
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import * as compression from 'compression';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(compression);
  await app.listen(3000);
}
bootstrap();

A. The compression middleware is passed without calling it as a function, so it is not applied.
B. Compression middleware must be imported from '@nestjs/compression' instead of 'compression'.
C. The app.listen call must come before applying middleware.
D. Compression middleware only works with HTTPS, so it fails on HTTP.
💡 Hint

Check how middleware functions are passed to app.use.

state_output
advanced
What security headers are added by default when using Helmet in NestJS?

After applying Helmet middleware with app.use(helmet()), which of the following headers will be present in HTTP responses by default?

NestJS
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';
import * as helmet from 'helmet';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(helmet());
  await app.listen(3000);
}
bootstrap();

A. Content-Encoding, Cache-Control, Access-Control-Allow-Origin, Content-Length
B. X-DNS-Prefetch-Control, X-Frame-Options, Strict-Transport-Security, X-Download-Options, X-Content-Type-Options, Referrer-Policy
C. Authorization, Cookie, Set-Cookie, WWW-Authenticate
D. Content-Type, Content-Language, Content-Location, Content-MD5
💡 Hint

Think about common security headers that protect against clickjacking, sniffing, and other attacks.

🧠 Conceptual
expert
Why is it important to combine compression and security headers in a NestJS app?

Choose the best explanation for why a NestJS app should use both compression middleware and security headers middleware like Helmet together.

A. Compression middleware automatically adds security headers, so separate security middleware is unnecessary.
B. Compression encrypts data for security, and security headers compress data for faster delivery; both do the same job redundantly.
C. Compression reduces response size improving speed, while security headers protect users from attacks; together they enhance performance and safety.
D. Security headers disable compression to avoid conflicts, so using both is not recommended.
💡 Hint

Think about the different roles compression and security headers play in web apps.