Module quiz: Securing an API in Django REST framework

  1. How can you validate that the price field is not less than 5 in a serializer? Choose all that apply.

    • By using a validate method

    • By adding this line of code in the serializer:

        price = serializers.DecimalField(max_digits=6, decimal_places=2, min_value=5)
      
    • By using a validate_price_lt method

    • By using a validation method

    • By adding 'price': {'min_value': 5} in the extra_kwargs section
      
  2. How can you limit an API endpoint in such a way that only POST, PUT, PATCH and DELETE calls will be throttled, but GET calls will not be throttled? Choose all that apply.

    • By writing a custom throttle class and overriding the get_throttles method

    • By writing a custom throttle class and using it inside a @throttle_classes decorator.

    • By writing a scoped throttle class and setting it up in the settings.py file

    • This cannot be done

  3. For token-based authentication, you need to install the Djoser library because DRF doesn’t support such authentication by default.

    • True

    • False

  4. How can you enable support for sorting the API output by two fields: age and gender?

    • By manually parsing the query string

    • By adding ordering_fields=['age','gender'] in a class-based view
      
    • By adding @ordering_fields(['age','gender']) above a function-based view

    • No code change is required. Just add 'OrderingFilter' in the settings.py file and DRF will process it automatically.

  5. Which of the following are valid endpoints automatically created by Djoser?

    • /users/

    • /users/me/

    • /user/confirm/

    • /user/me/

    • /user/

  6. You can manually expire a JWT access token any time you want.

    • True

    • False

  7. How can you assign users to a user group? Choose all that apply.

    • From the Django admin panel

    • By making a call to the /users/groups endpoint

    • Using Djoser library

    • By using the user_set.add() method in a Group object

    • By manually modifying the database records

  8. Which of the following prefixes should you use to successfully authenticate a token using the SimpleJWT library?

    • Auth Token

    • Token

    • Auth

    • Bearer

  9. What happens when you blacklist a JWT refresh token?

    • It cannot be used to generate new refresh tokens

    • It blocks the user who bears this token

    • It expires

    • It cannot be used to generate new access tokens anymore.

    • It also blacklists the access token

  10. Which of the following prefixes must you use with tokens to successfully authenticate an API call in plain DRF?

    • Auth

    • Auth Token

    • Bearer

    • Token

  11. Which external package can you use to sanitize HTML tags from user input data?

    • Cleaner

    • Bleach

    • Sanitizer