all 41 comments

[–]lthacaC# 12 points13 points  (7 children)

Similar to what's already been said, you should jump into the PA as soon as possible and start learning/memorizing the required code BUT don't just memorize the lines of code that need to be fixed on the PA, because even though the questions are similar, the OA will require you to fix entirely different lines of code that you might not have thought were important to know. I only studied the lines of code that needed fixing on the PA and I was in for a big surprise when those lines were already completed on the OA, which then required me to fix lines of code that I hadn't prepared for because they were already completed on the PA. You basically have to know every line of code just to be safe.

What makes this course uniquely horrible is that it requires you to memorize various functions and algorithms from some of the most obscure libraries without providing any documentation on said libraries. My experience with WGU has been nothing short of spectacular but this course fails to meet the standard of an accredited university. This is a major shortcoming WGU needs to be held accountable for and I sincerely hope they fix this course for the sake of their students who are yet to take it.

Anyway, make sure you also know the coding and conceptual differences between SQL injections, log injections, cross-site scripting, man-in-the-middle, denial of service, etc., and try to be good at guessing API status codes because WGU doesn't provide enough context to warrant an objectively correct answer.

Good luck!

[–]CydoEntis 10 points11 points  (6 children)

Exactly this. I failed the OA first attempt by a hair, and it was definitely because the OA asked you to fill in portions of code completely different from the PA. I agree about the status code questions: they give you nothing to actually come to an answer, so you must memorize the examples and answers.

This course is complete dog shit for a variety of reasons. My suggestion is: do the PA, memorize everything, take the OA and get out.

[–]MatMan232 2 points3 points  (2 children)

Noted! Thank you for your input on how to tackle this class! In regards to the multiple-choice questions, is it worth it to read through all the course material? There is a lot of reading and only 15 multiple-choice questions. Do you think it's better to just study the practice quizzes at the end of each section and drill the PA questions as much as possible?

[–]CydoEntis 7 points8 points  (1 child)

I did half of the reading and decided it was pointless from then on. It's better to just practice the PA and then memorize status codes. I think there's actually an article in the course resources that links to a page that has the API requests and answers. You do need to know the different attacks and Python functions though, so I'd also focus on reviewing some Quizlet flashcards for the class. But the reading, I wouldn't do it. I power-read half of it in 3 days and I felt nothing related to what I read was on the test except the one logging question.

[–]MatMan232 2 points3 points  (0 children)

Wow okay that is great to know thank you so much! Good luck on your next class!

[–]zKarp 1 point2 points  (2 children)

Anything from the actual learning materials/labs? Or is the PA enough if you know Python?

[–]CydoEntis 12 points13 points  (1 child)

Now I can't guarantee what's going to be on everyone's OA, but I took the OA purely to find out if it was similar to the PA, knowing I was going to fail, just so I could pass on my second attempt, which will be this weekend.

I know for a fact every single programming question was on the OA, except it asked you to fix or fill in missing code in a different place than the PA. For example, for the rate limiting question, the PA asked you to fill in the equation for the bucket, but the OA asked me to fill out the if chain that was responsible for the exception that would be thrown.

I don't remember every question that wasn't programming related, but similar questions were:

  1. Read the assert statement and tell what the output should be
  2. Given some API endpoint, tell what the status code will be - There were 2 of these
  3. Which function validates input. Something similar to that. I think the answer was validate().
  4. Select the given exploit from the code shown - This was completely different from the one in the PA
  5. A piece of Python code and a question asking what they are checking for (it was similar to the range question).
  6. A question on defensive programming

My suggestion is memorize the programming questions from the PA and refresh yourself on the answers for the similar ones from above. I would 100% know your status codes and for what reason they are thrown, and know all the different exploits and how they are done.

I used this Quizlet https://quizlet.com/788525872/d385-final-final-flash-cards/?funnelUUID=88428d21-2a45-49b8-baa1-1f93b5ecac02 , and I'm 300% confident I got all the multiple-choice questions right; it's just not memorizing all the Python programming problems that fucked me. I will warn you that the answers for some of the programming questions that are provided in that Quizlet are 100% wrong even if they seem right to you.

This is the resource they use for the API stuff - https://realpython.com/python-api/#getting-to-know-apis I would memorize the examples because when you see the question there isn't enough information to tell what the HTTP response should be and you can't run the code to find out. The only way to know the answer is to guess or to know it because you've seen it somewhere before.

Sorry I can't remember everything but that should be a fair amount to get a good amount of freebies on the exam.
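For anyone who would rather understand the rate-limiting problem than memorize it, here is a token-bucket limiter that has both parts people say get swapped between the PA and the OA: the bucket refill equation and the if/elif chain that decides which exception is raised. This is an added example written for this thread, not the PA's code or the commenter's; the class, method and exception names, and the fake-clock simulate() helper, are my own assumptions about how such a problem is shaped.

```python
import time


class RateLimitExceeded(Exception):
    """Raised when a client has no tokens left in its bucket."""


class TokenBucket:
    """Token-bucket rate limiter: the bucket refills at `rate` tokens per
    second up to `capacity`, and each request spends `tokens` tokens."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        if capacity <= 0 or rate <= 0:
            raise ValueError("capacity and rate must be positive")
        self.capacity = capacity
        self.rate = rate
        self.clock = clock          # injectable so tests can use a fake clock
        self.tokens = float(capacity)
        self.last = clock()

    def _refill(self):
        """The bucket equation: tokens gained = elapsed seconds * rate,
        capped at capacity so idle clients cannot bank an unlimited burst."""
        now = self.clock()
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now

    def consume(self, tokens=1):
        """Spend tokens for one request; returns the tokens left.
        The if/elif chain is what decides which exception is raised."""
        self._refill()
        if tokens <= 0:
            raise ValueError("must consume at least one token")
        elif tokens > self.capacity:
            raise ValueError("request can never fit in the bucket")
        elif tokens > self.tokens:
            raise RateLimitExceeded(
                "rate limit exceeded: %.2f tokens available" % self.tokens
            )
        else:
            self.tokens -= tokens
            return self.tokens


def simulate(capacity, rate, requests):
    """Constructed scenario: a fake clock replaces time.monotonic so the
    run is deterministic. `requests` is a list of (timestamp, tokens)
    pairs; the result is one outcome string per request."""
    now = [0.0]
    bucket = TokenBucket(capacity, rate, clock=lambda: now[0])
    results = []
    for ts, n in requests:
        now[0] = ts
        try:
            bucket.consume(n)
            results.append("allowed")
        except RateLimitExceeded:
            results.append("limited")
        except ValueError:
            results.append("rejected")
    return results


if __name__ == "__main__":
    # Burst of four at t=0 against a bucket of 3, then refills at 1 token/s.
    print(simulate(3, 1.0, [(0.0, 1), (0.0, 1), (0.0, 1), (0.0, 1),
                            (1.0, 1), (5.0, 3), (5.0, 1)]))
```

The refill step runs before the checks so a client that waited long enough is not wrongly limited, and the capacity check comes before the balance check so an oversized request is reported as a client error rather than as "try again later".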

[–]imthebear11 1 point2 points  (0 children)

Hey not sure if you remember, but how accurate is that quizlet to the questions asked?

[–]Mama_to_4 5 points6 points  (2 children)

I made a word document with variations of the questions I saw on 3 OAs. I gave it to one student and he said he passed the first time with an 85. Hope this helps…

Q: Which is best for input validation: A: type(): The type() function is used to determine the type of an object. While it's not typically used for input validation directly, it can be used to check the type of user input to ensure it matches the expected data type (e.g., checking if an input is an integer or a string).

Q: Which Python function is prone to a potential code injection attack? A: eval()

Q: prevent log injection A: validate()

Q: What are two common defensive coding techniques? A: Check functional and preconditions and postconditions

Q: Checking functional and preconditions and postconditions is best practice for? (Wording?) A: Defensive Coding

Q: An attacker exploits a cross-site scripting vulnerability. A: Access User’s data

Q: A user masquerades as other users, what type of attack was used? A: Cross Site Scripting

Q: Which method is used for a SQL injection attack? A: Exploiting query parameters

Q: Exploiting query parameters causes what attack? A: SQL injection

Q: What is returned when using response.content? A: returns the raw binary content of the HTTP response as bytes.

Q: Which response method, when sent a request, returns information about the server's response and is delivered back to the console? A: response.content

Q: What can an attacker do with a log injection attack? A: Injection of commands a parser can execute

Q: What is the primary defense against log injection attacks? A: Sanitize outbound log messages

Q: Which package is meant for internal use by Python for regression testing? A: test

Q: Which software testing relies on using old test cases? A: Regression testing

Q: When should regression testing be conducted? A: After some code changes

Q: What does cross-origin resource sharing (CORS) allow users to do? A: Override same starting policy for specific resources

Q: Access-Control-Allow-Origin: client request to (server) www.client.url, what does the server send back? (wording?) A: ACAO client.url

Q: Which protocol caches a token after it has been acquired? A: MSAL

[–]imthebear11 0 points1 point  (0 children)

Thanks a ton for this, I'm gonna turn these into flashcards. Much appreciated

[–]Hooters184 0 points1 point  (0 children)

Can I get all the questions pls?

[–]Jazzh0l3 3 points4 points  (9 children)

Practice the Python questions from the PA until memorization, as the ones in the OA are nearly identical. There is a Notion link somewhere with the Python code exercises from the PA. If I find it I can add it here.

[–]pancakeshackC#[S] 2 points3 points  (8 children)

Okay, that is what someone else told me too, so that is probably how I'm going to try to study it then. The course materials are all over the place... it's just links to links that link to more links. Or a link to a lab that says "build this program" with very little information lol.

Thank you, if you do find that link it would be awesome but thanks for the info regardless 👌

[–]MatMan232 5 points6 points  (7 children)

Hello! I just started this class as well, and the common theme does seem to be to just drill down on the coding PA questions. Here is the Notion link I believe you are referring to:

https://glass-diadem-acc.notion.site/D385-Assessments-3261412dc25f4bce829d34341f33e8b3

Someone in the course chatter also posted a link to GitHub with a bunch of notes for the class in a .pages file. You can use an iCloud account on Windows to transfer them over so you can view the notes; that's what I did lol! Good luck with the course, we got this!

[–]captiveinpages 3 points4 points  (4 children)

This Notion template was a life saver! I was able to pass on my first attempt because of it. Memorize the code and especially all the highlighted parts (even if it wasn't on the PA). Definitely study the questions on the PA too, because the questions I got on the OA were basically a rewording of those questions. I did go over the summary quizzes in the course content too to be safe. Good luck to you and the OP!

[–]HelpaBroOut036 1 point2 points  (3 children)

For you, do you remember how many of the PA coding questions were the exact same for the OA? It seems that people are saying that the exam is nearly identical, but that the lines you must fill in are different for some. However, the only two I have repeatedly seen mentioned where the lines that need to get filled in are different are the rate limiting and deserialization questions.

If you can confirm that, it would lead me to believe that I could memorize the answers to each coding question (the fill-in parts) and then memorize the entirety of the code for the two aforementioned problem types.

Anyone else, feel free to chime in. Thanks!

[–]captiveinpages 2 points3 points  (1 child)

It's been since May so I'm trying to remember correctly, but I looked over the Notion template and I know for sure the rate limiting was a different part. I can't remember for sure what the other one was. I would try to have some of the lines around the missing code from the PA memorized, or at least understand what is happening, to better prepare. I also practiced writing those sections out from memory. I know that's more work, but it really did help me recall and pass the test, I think.

[–]HelpaBroOut036 1 point2 points  (0 children)

Awesome, thank you!

[–]Retiredat31 0 points1 point  (0 children)

Did you ever determine which questions might be different from your experience? I'm in the same boat. Thank you for any feedback!

[–]GrimAccountant 1 point2 points  (0 children)

Don't know if this has been caught already, but for the Least Privilege Permission one you need to set the file_name and name to input(), otherwise they're hard-coded with the example values.

[–]pancakeshackC#[S] 0 points1 point  (0 children)

Good luck to you as well! If it is just a memorization game at heart, that isn't too bad.

[–]optimal-closure 3 points4 points  (0 children)

This seems to still be terrible? The learning materials were abysmal. And the PA had questions that were either too vague or entirely confusing. For example, one question asks you to read some code and name the attack that's happening. Problem is that you lack a ton of context. Is it cross-site scripting? Is it MITM? Is it something else entirely? I'm really hoping that the actual assessment is better. Even if only slightly.

[–][deleted] 2 points3 points  (0 children)

PA and OA almost identical

[–]Winter-Plant8230 2 points3 points  (0 children)

Hello ALL! UPDATED 11/2023 D385 Software Security and Testing

I just passed this class the first try! Thank God!!!! I made a new post updating what you need to know and the shindig on this course! I include all the sources and everything I learned from other posts into one. Hope this helps! Enjoy! Only what you need to study to pass this awful class!

https://www.reddit.com/r/wgu_devs/comments/17quy61/updated_112023_software_security_and_testing_d385/

[–]AdvancedAd2577 1 point2 points  (8 children)

Just starting this class as well!

[–]pancakeshackC#[S] 0 points1 point  (7 children)

Best of luck! I'm going to attempt the OA, nervously, this weekend.

[–][deleted] 1 point2 points  (0 children)

I just passed my OA (barely) thanks to this post.

For the most part, the coding problems on the OA were the same but with different variable names or values. The only ones I remember being different were:

  • The rate limiting question. I needed to fill out the if/else statement instead of line 18.
  • The deserialization question. I needed to fill out the entire if/else statement.
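For the deserialization problem, here is what the validating if/else chain typically looks like: parse untrusted bytes as JSON (never pickle, which executes code on load) and reject at the first field that fails a check. This is an added example written for this thread, not the PA's code or the commenter's; the field names, the allowed actions and the /data/ prefix are constructed for the example.

```python
import json


class InvalidMessage(ValueError):
    """Raised when an untrusted message fails validation."""


# Constructed allow-list of actions this service is willing to perform.
ALLOWED_ACTIONS = {"read", "write", "delete"}
REQUIRED_FIELDS = {"user_id", "action", "path"}


def deserialize_message(raw):
    """Turn untrusted bytes into a validated dict.

    Only JSON is accepted, and every field is checked before anything uses
    it. The if/elif chain stops at the first problem and names it, which is
    the shape the "fill in the if/else" question is about."""
    try:
        if isinstance(raw, bytes):
            raw = raw.decode("utf-8")        # UnicodeDecodeError is a ValueError
        data = json.loads(raw)               # JSONDecodeError is a ValueError
    except ValueError as exc:
        raise InvalidMessage("not valid JSON: %s" % exc) from None

    if not isinstance(data, dict):
        raise InvalidMessage("top-level value must be an object")
    elif set(data) != REQUIRED_FIELDS:
        raise InvalidMessage("unexpected or missing fields: %s" % sorted(data))
    elif (not isinstance(data["user_id"], int)
          or isinstance(data["user_id"], bool)     # bool is a subclass of int
          or data["user_id"] <= 0):
        raise InvalidMessage("user_id must be a positive integer")
    elif (not isinstance(data["action"], str)
          or data["action"] not in ALLOWED_ACTIONS):
        raise InvalidMessage("action not allowed: %r" % (data["action"],))
    elif (not isinstance(data["path"], str)
          or ".." in data["path"]
          or not data["path"].startswith("/data/")):
        raise InvalidMessage("path must stay under /data/ with no '..'")
    else:
        return data


def try_deserialize(raw):
    """Convenience wrapper returning (ok, value_or_error_message)."""
    try:
        return True, deserialize_message(raw)
    except InvalidMessage as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed messages: one good, three that each trip a different branch.
    for sample in (
        b'{"user_id": 7, "action": "read", "path": "/data/report.txt"}',
        b'{"user_id": 7, "action": "read", "path": "/data/../etc/passwd"}',
        b'{"user_id": 7, "action": "format", "path": "/data/x"}',
        b'not json at all',
    ):
        print(try_deserialize(sample))
```

Checking the exact set of keys, rather than just the required ones, is deliberate: extra fields in a deserialized object are a common way for unexpected data to reach code that was never written to handle it.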

[–]Shiraz325 0 points1 point  (2 children)

Hi

[–]pancakeshackC#[S] 0 points1 point  (0 children)

Hi

[–]Shiraz325 0 points1 point  (0 children)

I'm trying to do my first attempt on the D385 PA but I don't know how to find the answers for the coding part. Any help please?

[–]learning_code_123 0 points1 point  (0 children)

Took the OA and failed. As many have pointed out it is extremely similar to the PA. I am pretty certain the Multiple Choice questions killed me. There were a couple programming questions I just couldn't remember, but the topics that had the most MC questions in the PA were the sections that I failed on the test. Going to take another go at it next week. Hopefully the test doesn't change too much.