Back to the course
Test yourself

Python for security automation

Final exam · 12 questions · answers explained as you pick
Projects & safe I/O
6 questions
01Virtual environments exist to…
Incorrect — They do not change execution speed.
Correct — Never pip install into the interpreter your OS depends on.
Incorrect — A venv is not a security sandbox.
Incorrect — It isolates, it does not encrypt.
02Building a shell command by concatenating untrusted input causes…
Incorrect — The risk is security, not speed.
Correct — Use subprocess with an argument list, never shell=True with f-strings.
Incorrect — That is not the primary danger.
Incorrect — Injection, not memory, is the concern.
03The safe way to call an external command with user input is…
Incorrect — That passes the string through a shell — injectable.
Incorrect — shell=True re-parses metacharacters in the input.
Correct — An argument list is never re-parsed by a shell.
Incorrect — eval on input is arbitrary code execution.
04When calling an external API, you should always set…
Incorrect — Not a safety measure.
Correct — A hung request with no timeout stalls the whole tool.
Incorrect — Disabling TLS verification defeats transport security.
Incorrect — Unbounded retries hammer the service; use bounded backoff.
05Streaming a huge log with a generator instead of readlines()…
Correct — You avoid loading a multi-GB file into RAM at once.
Incorrect — It is usually comparable and far lighter on memory.
Incorrect — That is exactly what it avoids.
Incorrect — Reading does not modify the source.
06A common ReDoS-style hazard when parsing logs is…
Incorrect — Generators are fine and encouraged.
Correct — A pathological pattern can hang the process on one crafted line.
Incorrect — Input source is not the hazard.
Incorrect — Output is unrelated.
6 questions · explanations appear as you answer
CLIs & dependency hygiene
6 questions
01A well-behaved CLI tool should…
Incorrect — Automation relies on non-zero exit to detect failure.
Correct — Exit codes and a dry run make it safe to wire into pipelines.
Incorrect — Never print secrets to stdout/logs.
Incorrect — CI has no human; prefer flags and env.
02A non-zero exit code from a script signals…
Correct — Exit status is the contract automation depends on.
Incorrect — Zero means success; non-zero means failure.
Incorrect — It is precisely how pipelines detect failure.
Incorrect — Exit codes are about outcome, not timing.
03--dry-run mode is valuable because it…
Incorrect — Speed is a side effect at most.
Correct — It is a change-review artifact for free.
Incorrect — It previews actions; it is not crypto.
Incorrect — Flags are still parsed.
04pip-audit checks…
Incorrect — That is a linter’s job.
Correct — Your 40-line script imports 200k lines of other people’s code.
Incorrect — Coverage is a different tool.
Incorrect — That is license scanning, not vuln auditing.
05Pinning dependencies with a lockfile matters because it…
Correct — Everyone builds against the exact same versions.
Incorrect — Runtime speed is unaffected.
Incorrect — Pinning is about versions, not encryption.
Incorrect — They solve different problems.
06Secrets used by a Python script belong in…
Incorrect — Source gets committed, forked, and pasted into tickets.
Correct — Keep credentials out of anything version-controlled.
Incorrect — Comments ship with the code.
Incorrect — Documentation is the worst place for a secret.
6 questions · explanations appear as you answer