Which of the following best describes what an SQL Injection attack is?
Think about how attackers might use input fields to harm databases.
SQL Injection involves inserting harmful SQL commands into input fields to trick the database into executing unintended commands.
Given the following Python code that filters security logs for failed login attempts, what will be the output?
logs = ["login success", "login failed", "password reset", "login failed"] failed_attempts = [log for log in logs if "failed" in log] print(len(failed_attempts))
Count how many log entries contain the word 'failed'.
The list comprehension filters logs containing 'failed'. There are exactly two such entries, so the length is 2.
Which assertion correctly checks that a password string contains at least one uppercase letter, one lowercase letter, and one digit?
Check if at least one character of each type exists in the password.
Option C uses any() to verify presence of uppercase, lowercase, and digit characters. Other options are incorrect because they check all characters or use invalid methods.
What error will this Python test code raise when run?
def test_login(): username = "user1" password = "pass123" assert login(username, password) == True def login(user, pwd): return user == "user1" and pwd == "pass1234"
Check the password comparison in the login function.
The login function expects password 'pass1234' but test uses 'pass123', so assertion fails causing AssertionError.
Which feature is MOST important in a security testing framework to detect Cross-Site Scripting (XSS) vulnerabilities?
Think about what XSS attacks do to web applications.
XSS attacks inject malicious scripts into web inputs. A framework that can inject and detect such scripts is essential for finding XSS vulnerabilities.