1. An AI recommends using a specific version of a library that had a critical CVE published three months after the model's training cutoff. This is an example of:
Correct — training cutoff dependency risk is precisely this: the model cannot know what CVEs were published after its training concluded.
Incorrect — this is training cutoff dependency risk. The model's library knowledge is frozen at its cutoff date regardless of prompt specificity.
2. An AI-generated file upload handler stores uploaded files in the /var/www/html/uploads/ directory which is web-accessible. A user uploads a PHP file with extension .php.jpg. What is the critical risk?
Correct. Depending on Apache/Nginx configuration, some servers execute the PHP component of a double-extension filename. Even without that, storing uploads inside the web root allows direct URL access. Uploads should be stored outside the web root and served through a controlled download handler.
Uploads stored in the web root can be directly accessed via HTTP. If the server processes double-extension files or is misconfigured, PHP execution (webshell) is possible. Uploads should be stored outside the web root.
3. RFC 7465 (2015) prohibited RC4 in TLS because of which fundamental property?
Correct. RC4's keystream has known statistical biases — particularly in the first bytes (Fluhrer, Mantin, Shamir, 2001) and cumulative biases across long keystreams. Given sufficient TLS sessions encrypted with the same key material (as in HTTPS cookies), these biases allow byte-by-byte recovery of repeated plaintext, demonstrated in the RC4NOMORE attack (Vanhoef & Piessens, 2015) requiring approximately 75 hours of network observation.
Not correct. RFC 7465 prohibited RC4 because of statistical biases in its keystream. The RC4NOMORE attack (Vanhoef & Piessens, 2015) showed these biases allow byte-by-byte plaintext recovery given sufficient HTTPS sessions — approximately 75 hours of traffic capture for cookie recovery.
4. In a SAST severity gate configuration, which approach best balances security and development velocity?
Correct. Tiered response (auto-block CRITICAL, human sign-off on HIGH, tracked MEDIUM, logged LOW) maintains meaningful security gates without paralyzing development over low-confidence findings.
Tiered response is the standard approach: auto-block CRITICAL, require documented sign-off on HIGH, track MEDIUM for remediation planning, log LOW for awareness.
5. An AI code assistant generates cipher = AES.new(key, AES.MODE_ECB). The primary security failure is that ECB mode:
Correct. ECB is deterministic and stateless — each 16-byte block is encrypted independently. Identical plaintext blocks always produce identical ciphertext blocks. The structural information in the data survives into ciphertext, which the "ECB penguin" demonstration shows visually: a bitmap encrypted with ECB still shows the recognizable image outline.
Not correct. ECB's fundamental flaw is determinism: identical plaintext blocks → identical ciphertext blocks. This reveals data structure (the "ECB penguin" problem). ECB provides no semantic security — an attacker can identify repeated blocks and infer plaintext patterns.
6. A 2023 Trail of Bits analysis found that what percentage of Copilot-assisted repositories contained broken-authentication vulnerabilities traceable to AI suggestions?
Correct.
The reported figure was 40%.
7. In AES-GCM, repeating a nonce with the same key allows an attacker to execute the Forbidden Attack. What does this recover?
Correct. GCM's authentication uses GHASH with key H = E(key, 0). When nonces repeat, two authentication equations over the same H can be solved for H. With H recovered, forging valid authentication tags for arbitrary ciphertexts becomes trivial — breaking both confidentiality (via keystream recovery) and integrity (via tag forgery) simultaneously.
Not correct. The Forbidden Attack recovers the GHASH key H = E(key, 0) from two messages sharing a nonce. With H, an attacker can forge valid authentication tags for any ciphertext, completely breaking GCM's integrity guarantee — not just recovering plaintext.
8. Which approach represents the STRONGEST input validation strategy?
Correct. Allowlist validation (also called whitelist) is fundamentally stronger than denylist because attackers can find bypasses for any blocklist (encoding variations, Unicode normalization, etc.) but cannot bypass "only these specific values are accepted."
Allowlist validation is always stronger than denylist. Attackers find denylist bypasses; there is no bypass for "only these exact permitted values are accepted."
9. An auditor finds requests.get(url, verify=False) in production Python code. Which attack does this directly enable?
Correct. verify=False disables all TLS certificate validation in the Python requests library. An attacker performing a MITM attack can present any certificate — expired, self-signed, for the wrong hostname, or from a rogue CA — and the client will accept it and continue the connection, delivering all traffic to the attacker.
Not correct. verify=False in requests disables TLS certificate validation entirely. A MITM attacker can present any certificate and the connection proceeds normally, delivering all plaintext to the attacker. This is one of the most impactful single-parameter security failures possible in Python network code.
10. What makes the "package hallucination" supply-chain attack possible?
Correct. Attackers monitor for hallucinated package names appearing in public code and register them on npm/PyPI, intercepting installations by developers who accepted AI suggestions without verification.
The attack works by registering hallucinated names on real registries — the AI generates a plausible name, the attacker registers it, and any developer who installs it gets attacker-controlled code.
11. A developer uses git-filter-repo to remove a hardcoded secret from git history and force-pushes. What critical step is still required?
Correct. History rewrite does not invalidate the credential itself.
Incorrect. The credential must be rotated — anyone who accessed the repo before the rewrite may still have it.
12. The Zendesk 2022 XSS incident involved an AI-assisted code change that replaced which safe DOM property with innerHTML?
Correct. textContent was replaced with innerHTML to support "rich formatting" — without sanitization, creating a stored XSS that exposed support agents' sessions.
textContent was replaced with innerHTML. textContent treats all content as plain text; innerHTML parses it as HTML, executing any script content.
13. The JWT algorithm confusion vulnerability occurs when the verifier does not specify an algorithms parameter. What is the worst-case attack?
Correct. The "alg:none" attack: the attacker sets the header algorithm to none, strips the signature, and submits the token. Libraries that don't enforce a specific algorithm accept it as valid, providing full authentication bypass.
The alg:none attack: set the header algorithm to "none," remove the signature. Libraries accepting the header's algorithm claim validate the (absent) signature as valid. Fix: always specify algorithms=["HS256"] (or your algorithm).
14. The JWT "none algorithm" attack (exploited against Auth0 in 2015) is prevented by:
Correct. Without an algorithm pin, a library that accepts alg: none from the token header will skip signature verification. Pinning the algorithm on verification prevents this.
The fix is algorithm pinning on verification. Specifying { algorithms: ['HS256'] } rejects any token that declares a different algorithm, including none.
15. An AI generates a password reset flow: user submits new password → stored in DB → retrieved → used to update a session token with string concatenation. What vulnerability does this create?
Correct. When stored data is retrieved and concatenated into a new query, the developer falsely trusts database-sourced data. This is the defining characteristic of second-order injection.
This is second-order SQL injection. The data was stored (possibly safely), but when retrieved and used in another query via concatenation, the original malicious input executes in the new context.
16. Which package manager behavior is the root cause of dependency confusion attacks?
Correct. The resolver priority flaw — public over private registry preference — is the core mechanism that dependency confusion exploits.
Incorrect. Dependency confusion exploits the fact that package managers typically prefer public registries over private ones when a name collision exists between them.
17. What makes Python pickle dangerous when deserializing untrusted data?
Correct. Python pickle's __reduce__ method executes during deserialization. A crafted pickle payload can call os.system(), subprocess, or any other Python callable with attacker-controlled arguments.
Pickle executes code during deserialization. Attacker-controlled pickle data is equivalent to arbitrary code execution on the server.
18. The BEAST attack (2011) against TLS 1.0 exploited which specific property of TLS 1.0's CBC implementation?
Correct. TLS 1.0 used the last ciphertext block of one record as the IV for the next record. Duong and Rizzo demonstrated at Ekoparty 2011 that this predictable IV allows a chosen-plaintext attack: by controlling some plaintext (via script injection) and observing ciphertext, an attacker can recover browser cookies byte-by-byte. TLS 1.1+ fixed this by using random IVs.
Not correct. BEAST exploited TLS 1.0's CBC chained IV — the last ciphertext block of one record became the IV of the next. This predictability allowed Duong and Rizzo to mount a chosen-plaintext attack recovering browser session cookies. TLS 1.1 fixed this with random per-record IVs.
19. In the Codecov supply chain attack (April 2021), the attack succeeded because CI/CD pipelines:
Correct. Over-scoped environment variables gave the compromised Codecov script access to credentials it should never have seen.
Incorrect. The attack succeeded because production secrets were in scope for all pipeline jobs, making them accessible to the compromised third-party tool.
20. Socket.dev differs from traditional vulnerability scanners in that it:
Correct. Socket.dev focuses on behavioral change detection — flagging packages that suddenly add network access or obfuscated code — rather than relying solely on CVE database matches.
Incorrect. Socket.dev's differentiator is behavioral signal analysis — detecting when packages suddenly add new capabilities like network access or file system writes — rather than waiting for CVEs to be published after exploitation.