marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
claude-code-ultimate-guide/quiz/questions/14-privacy-observability.yaml
Florian BRUNIAUX 741acd0fa3 feat(quiz): add 58 new questions (159→217) in 4 new categories 
New categories:
- 11-learning-with-ai.yaml (15 questions): UVAL protocol, 70/30 rule, dependency patterns
- 12-architecture.yaml (12 questions): master loop, 8 tools, context budget, sub-agents
- 13-security.yaml (10 questions): MCP Rug Pull, CVEs, defense-in-depth
- 14-privacy-observability.yaml (10 questions): retention tiers, session search

Additions to existing:
- 08-mcp-servers.yaml: +3 Figma MCP questions (token efficiency, tools, setup)
- 09-advanced-patterns.yaml: +5 methodology questions (SDD, BDD, TDD)
- 01-quick-start.yaml: +3 image optimization questions

README updated: 217 questions, 56 templates, 14 categories

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-17 22:48:57 +01:00

174 lines
7.5 KiB
YAML
Raw Blame History

category: "Privacy & Observability"
category_id: 14
source_file: "guide/data-privacy.md"
questions:
- id: "14-001"
difficulty: "junior"
profiles: ["junior", "senior", "power", "pm"]
question: "What is the default data retention period for Claude Code conversations?"
options:
a: "30 days"
b: "1 year"
c: "5 years"
d: "Forever"
correct: "c"
explanation: |
Default retention is 5 years with data used for model training. By opting out of training at claude.ai/settings/data-privacy-controls, retention reduces to 30 days (safety monitoring only). Enterprise API (ZDR) has 0-day retention.
doc_reference:
file: "guide/data-privacy.md"
section: "TL;DR - Retention Summary"
anchor: "#tldr---retention-summary"
- id: "14-002"
difficulty: "intermediate"
profiles: ["junior", "senior", "power"]
question: "What data is sent to Anthropic when using Claude Code?"
options:
a: "Only your prompts"
b: "Prompts, files Claude reads, MCP results, Bash outputs, error messages"
c: "Only code snippets you copy-paste"
d: "Hashed metadata only"
correct: "b"
explanation: |
Everything Claude sees is sent: your prompts, files Claude reads (including .env if not excluded!), MCP server results (SQL queries, API responses), Bash command outputs, and error messages with stack traces. Use permissions.deny to block sensitive files.
doc_reference:
file: "guide/data-privacy.md"
section: "What Leaves Your Machine"
anchor: "#what-leaves-your-machine"
- id: "14-003"
difficulty: "intermediate"
profiles: ["senior", "power"]
question: "What is the risk when connecting a database via MCP?"
options:
a: "Database might slow down"
b: "Query results (including PII) are sent to Anthropic and stored per retention policy"
c: "Claude might drop tables"
d: "MCP uses too many tokens"
correct: "b"
explanation: |
When MCP executes a database query, ALL results are sent to Anthropic: "SELECT * FROM orders" → 100 rows with customer names, emails, addresses → stored according to your retention tier. NEVER connect production databases. Use dev/staging with anonymized data.
doc_reference:
file: "guide/data-privacy.md"
section: "Risk 2: MCP Database Access"
anchor: "#risk-2-mcp-database-access"
- id: "14-004"
difficulty: "junior"
profiles: ["junior", "senior", "power"]
question: "How can you reduce Claude Code data retention from 5 years to 30 days?"
options:
a: "Delete ~/.claude folder"
b: "Disable 'Allow model training' at claude.ai/settings/data-privacy-controls"
c: "Use incognito mode"
d: "Add --no-retention flag"
correct: "b"
explanation: |
Visit claude.ai/settings/data-privacy-controls and toggle OFF "Allow model training". This immediately reduces retention from 5 years to 30 days (safety monitoring only). Enterprise API (ZDR) provides 0-day retention for HIPAA/GDPR compliance.
doc_reference:
file: "guide/data-privacy.md"
section: "Opt-Out of Training"
anchor: "#41-opt-out-of-training"
- id: "14-005"
difficulty: "intermediate"
profiles: ["senior", "power"]
question: "What is the Enterprise API (ZDR) data retention policy?"
options:
a: "30 days retention"
b: "1 year retention"
c: "0 days (real-time processing only, data not stored)"
d: "5 years like default"
correct: "c"
explanation: |
Enterprise API (Zero Data Retention) has 0-day retention - data is processed in real-time and not stored. Required for HIPAA, GDPR, PCI-DSS compliance and government contracts. Requires enterprise contract with Anthropic.
doc_reference:
file: "guide/data-privacy.md"
section: "Tier 3: Enterprise API (Zero Data Retention)"
anchor: "#tier-3-enterprise-api-zero-data-retention"
- id: "14-006"
difficulty: "junior"
profiles: ["junior", "senior", "power"]
question: "What is the recommended session search tool from the guide?"
options:
a: "claude-conversation-extractor"
b: "session-search.sh (zero-dependency bash script)"
c: "ran CLI (npm)"
d: "Built-in /search command"
correct: "b"
explanation: |
session-search.sh is the recommended tool: zero dependencies (bash only), fast (~10ms list, ~400ms search), displays ready-to-use 'claude --resume' commands. Install with alias 'cs' for quick access. Alternative Python tools exist but are slower.
doc_reference:
file: "guide/observability.md"
section: "Recommended: session-search.sh"
anchor: "#recommended-session-searchsh"
- id: "14-007"
difficulty: "intermediate"
profiles: ["senior", "power"]
question: "What hook event is used for session logging?"
options:
a: "PreToolUse"
b: "PostToolUse"
c: "SessionStart"
d: "Notification"
correct: "b"
explanation: |
Session logging uses PostToolUse hook - it runs after each tool completes, capturing tool name, file path, project, and token estimates. Configure in settings.json with the session-logger.sh script. Logs are stored as JSONL files in ~/.claude/logs/.
doc_reference:
file: "guide/observability.md"
section: "Register in Settings"
anchor: "#2-register-in-settings"
- id: "14-008"
difficulty: "intermediate"
profiles: ["senior", "power"]
question: "What is the token estimation method used by the session logger?"
options:
a: "API-provided exact counts"
b: "~4 characters per token (heuristic, slightly overestimates)"
c: "1 word = 1 token"
d: "Based on file size only"
correct: "b"
explanation: |
The logger estimates tokens using ~4 characters per token heuristic. This is approximate and tends to slightly overestimate. Claude Code CLI doesn't expose actual API token metrics, so estimates have ~15-25% variance from actual billing.
doc_reference:
file: "guide/observability.md"
section: "Token Estimation Method"
anchor: "#token-estimation-method"
- id: "14-009"
difficulty: "intermediate"
profiles: ["senior", "power"]
question: "What CANNOT the session monitoring do?"
options:
a: "Track tool usage counts"
b: "Identify file access patterns"
c: "Provide exact token counts and actual API costs"
d: "Record operation timestamps"
correct: "c"
explanation: |
Monitoring CANNOT provide: exact token counts (CLI doesn't expose API metrics), actual API costs (estimates only), TTFT timing, real-time streaming metrics, or context window usage. It CAN track: tool usage counts, file access patterns, relative comparisons, operation timing.
doc_reference:
file: "guide/observability.md"
section: "What This Monitoring CANNOT Do"
anchor: "#what-this-monitoring-cannot-do"
- id: "14-010"
difficulty: "junior"
profiles: ["junior", "senior", "power"]
question: "Where are Claude Code session logs stored locally?"
options:
a: "~/.config/claude/"
b: "~/.claude/projects/<project>/"
c: "/var/log/claude/"
d: "In the cloud only"
correct: "b"
explanation: |
Sessions are stored locally at ~/.claude/projects/<project>/ as JSONL files. This enables session resume with 'claude --resume <id>' or 'claude -c' for most recent. Custom logs from session-logger.sh go to ~/.claude/logs/ (configurable via CLAUDE_LOG_DIR).
doc_reference:
file: "guide/observability.md"
section: "Native Commands"
anchor: "#native-commands"
Reference in a new issue View git blame Copy permalink