Security Coding Quiz

True

False

Using eval() on inputs

Strict input validation and parameterized queries

Giving the DB user full admin rights

Store large BLOBs

Perform automated database backups

Manage and audit encryption keys/secrets safely

It’s slow

It can execute arbitrary code from the user

It can’t handle strings

It doesn't support variables

There is no problem with that

Because people with log access can see them breaking least privilege rule

Because logs are often accessible and can leak secrets

In a .env file committed to the repo

As a plaintext string in your source code

In Azure Key Vault with restricted access

Inside a shared Excel file on SharePoint

Data duplication

Time zone issues

Code duplication

Lateral movement in case of a breach

Shrug, it’s just dev code

Escalate to your manager

Replace it with os.getenv("DB_PASS") and store it in Key Vault

Rename the variable

Using a vault to retrieve secrets dynamically

Hardcoding credentials in the pipeline YAML

Masking secrets in logs

Using GitHub Secrets to pass credentials

Use structured logging with filters/masking

Turn off logging entirely

Only log in production

Print everything to stdout