claude-code-ultimate-guide/quiz/questions/13-security.yaml
Florian BRUNIAUX a7962d5560 release: v3.20.4 - 30 new quiz questions (227 → 257)
Add 30 questions across 11 categories covering recent guide content:
Advanced Patterns (+8), MCP Servers (+3), Architecture (+3),
Reference (+3), Hooks (+2), Learning (+2), Security (+2),
AI Ecosystem (+3), Memory (+2), Agents (+1), Privacy (+1).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 22:17:32 +01:00


category: "Security Hardening"
category_id: 13
source_file: "guide/security-hardening.md"
questions:
  - id: "13-001"
    difficulty: "intermediate"
    profiles: ["senior", "power"]
    question: "What is an 'MCP Rug Pull' attack?"
    options:
      a: "An MCP server that crashes unexpectedly"
      b: "A benign MCP that turns malicious after gaining trust (no re-approval needed)"
      c: "An MCP that uses too many tokens"
      d: "An attack on the MCP protocol itself"
    correct: "b"
    explanation: |
      An MCP Rug Pull exploits the one-time approval model: attacker publishes benign MCP → user approves once → MCP works normally (builds trust) → attacker pushes malicious update → MCP exfiltrates credentials WITHOUT re-approval. Mitigation: version pinning + hash verification.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Attack: MCP Rug Pull"
      anchor: "#attack-mcp-rug-pull"
  - id: "13-002"
    difficulty: "senior"
    profiles: ["senior", "power"]
    question: "What does CVE-2025-53109/53110 (EscapeRoute) exploit?"
    options:
      a: "Prompt injection in Claude's system prompt"
      b: "Filesystem MCP sandbox escape via prefix bypass + symlinks"
      c: "Memory corruption in the Bash tool"
      d: "API key leakage in network requests"
    correct: "b"
    explanation: |
      CVE-2025-53109/53110 (EscapeRoute) allows sandbox escape in Filesystem MCP via prefix bypass combined with symlinks. Severity: High. Mitigation: avoid Filesystem MCP with unrestricted access or apply the official patch. Source: Cymulate security research.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "CVE Summary (2025)"
      anchor: "#cve-summary-2025"
  - id: "13-003"
    difficulty: "intermediate"
    profiles: ["senior", "power"]
    question: "What is a known limitation of permissions.deny in .claude/settings.json?"
    options:
      a: "It only works on macOS"
      b: "System reminders may expose file contents before tool permission checks"
      c: "It cannot block Bash commands"
      d: "It requires admin privileges"
    correct: "b"
    explanation: |
      permissions.deny has architectural limitations: background indexing may expose file contents via the internal "system reminder" mechanism BEFORE tool permission checks are applied. This is documented in GitHub #4160. Defense-in-depth: store secrets outside project directories.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Known Security Gaps"
      anchor: "#known-security-gaps"
  - id: "13-004"
    difficulty: "intermediate"
    profiles: ["senior", "power"]
    question: "What is the recommended defense-in-depth strategy for secrets protection?"
    options:
      a: "Only use permissions.deny"
      b: "Store secrets outside project + external vault + PreToolUse hooks + never commit"
      c: "Encrypt all files in the project"
      d: "Use a VPN when running Claude Code"
    correct: "b"
    explanation: |
      Defense-in-depth: (1) Store secrets outside project directories (~/.secrets/ or vault), (2) Use external secrets management (AWS Secrets Manager, 1Password), (3) Add PreToolUse hooks as secondary blocking, (4) Never commit secrets, (5) Manually review bash commands.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Defense-in-Depth Strategy"
      anchor: "#defense-in-depth-strategy"
  - id: "13-005"
    difficulty: "senior"
    profiles: ["senior", "power"]
    question: "Which prompt injection evasion technique uses U+200B, U+200C, U+200D?"
    options:
      a: "Base64 encoding"
      b: "RTL override"
      c: "Zero-width characters (invisible to humans)"
      d: "Homoglyphs"
    correct: "c"
    explanation: |
      Zero-width characters (U+200B, U+200C, U+200D) make instructions invisible to humans while still being interpreted. Detection: Unicode regex pattern [\x{200B}-\x{200D}\x{FEFF}\x{202A}-\x{202E}]. Added to prompt-injection-detector.sh in v3.6.0.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Evasion Techniques"
      anchor: "#evasion-techniques"
  - id: "13-006"
    difficulty: "intermediate"
    profiles: ["senior", "power"]
    question: "Which secret detection tool has the highest recall (88%) but lower precision (46%)?"
    options:
      a: "TruffleHog"
      b: "GitGuardian"
      c: "Gitleaks"
      d: "detect-secrets"
    correct: "c"
    explanation: |
      Gitleaks: 88% recall, 46% precision, fast (~2 min/100K commits) - best for pre-commit hooks. TruffleHog: 52% recall, 85% precision, slow - best for CI verification. GitGuardian: 80% recall, 95% precision - enterprise monitoring. detect-secrets: 60% recall, 98% precision - baseline approach.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Tool Comparison"
      anchor: "#tool-comparison"
  - id: "13-007"
    difficulty: "intermediate"
    profiles: ["senior", "power"]
    question: "What is the recommended hook stack for security in settings.json?"
    options:
      a: "Only PostToolUse hooks for logging"
      b: "PreToolUse (dangerous blocker, injection detector) + PostToolUse (output scanner) + SessionStart (MCP integrity)"
      c: "No hooks - rely only on permissions.deny"
      d: "Only UserPromptSubmit hooks"
    correct: "b"
    explanation: |
      Recommended security hook stack: PreToolUse → dangerous-actions-blocker.sh (Bash), prompt-injection-detector.sh + unicode-injection-scanner.sh (Edit/Write). PostToolUse → output-secrets-scanner.sh (Bash). SessionStart → mcp-config-integrity.sh. Multiple layers for defense-in-depth.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Hook Stack Setup"
      anchor: "#23-hook-stack-setup"
  - id: "13-008"
    difficulty: "junior"
    profiles: ["junior", "senior", "power"]
    question: "Which MCP servers are marked as 'Safe' in the community-vetted safe list?"
    options:
      a: "filesystem (unrestricted), database (prod credentials)"
      b: "@anthropic/mcp-server-*, context7, sequential-thinking, memory"
      c: "browser (full access), custom MCPs"
      d: "All MCPs are safe by default"
    correct: "b"
    explanation: |
      MCP Safe List: @anthropic/mcp-server-* (official), context7 (read-only docs), sequential-thinking (no external access, local), memory (local file-based). Risk: filesystem unrestricted (CVE-2025-53109), database prod (exfiltration). Unsafe: browser full access.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "MCP Safe List (Community Vetted)"
      anchor: "#mcp-safe-list-community-vetted"
  - id: "13-009"
    difficulty: "junior"
    profiles: ["junior", "senior", "power"]
    question: "What is the first action when a secret is exposed?"
    options:
      a: "Document the incident for post-mortem"
      b: "Revoke the credential immediately"
      c: "Scan the entire repo"
      d: "Notify the team"
    correct: "b"
    explanation: |
      First 15 minutes (stop the bleeding): (1) Revoke immediately - AWS delete-access-key, GitHub revoke token, Stripe roll key. (2) Confirm exposure scope. Then: audit git history, scan dependencies, check CI/CD logs. First 24 hours: rotate ALL related credentials, notify compliance, document timeline.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Secret Exposed"
      anchor: "#31-secret-exposed"
  - id: "13-010"
    difficulty: "junior"
    profiles: ["junior", "senior", "power", "pm"]
    question: "What are the three security posture levels in the guide?"
    options:
      a: "Low, Medium, High"
      b: "Basic (5 min), Standard (30 min), Hardened (2 hours)"
      c: "Development, Staging, Production"
      d: "Free, Pro, Enterprise"
    correct: "b"
    explanation: |
      Security posture levels: Basic (5 min) = output scanner + dangerous blocker - for solo dev/experiments. Standard (30 min) = + injection hooks + MCP vetting - for teams/sensitive code. Hardened (2 hours) = + integrity verification + ZDR - for enterprise/production.
    doc_reference:
      file: "guide/security-hardening.md"
      section: "Security Posture Levels"
      anchor: "#security-posture-levels"
  - id: "13-011"
    difficulty: "senior"
    profiles: ["senior", "power"]
    question: "Which sandbox isolation approach combines microVM isolation with network policies for agent autonomy?"
    options:
      a: "E2B (hosted cloud sandboxes)"
      b: "Fly.io Sprites (edge compute)"
      c: "Docker Sandboxes (with custom templates and network policies)"
      d: "Cloudflare Sandbox SDK"
    correct: "c"
    explanation: |
      Docker Sandboxes provide microVM-level isolation with customizable network policies. Key features: custom Dockerfile templates for reproducible environments, network policies to control egress/ingress, volume mounts for persistent storage, and CPU/memory limits. This approach suits teams wanting full control over sandbox configuration while maintaining strong isolation.
    doc_reference:
      file: "guide/sandbox-isolation.md"
      section: "Docker Sandboxes"
      anchor: "#docker-sandboxes"
  - id: "13-012"
    difficulty: "junior"
    profiles: ["junior", "senior", "power", "pm"]
    question: "What is the GitHub Issue Auto-Creation Bug (#13797) and why is it dangerous?"
    options:
      a: "Issues get automatically deleted"
      b: "Claude Code accidentally creates public GitHub issues containing private project details"
      c: "Issues are created but remain private"
      d: "Only affects paid enterprise accounts"
    correct: "b"
    explanation: |
      The GitHub Issue Auto-Creation Bug (#13797) causes Claude Code to accidentally create public GitHub issues containing private project details. Over 17 accidental disclosures documented, affecting v2.0.65+. The danger: internal code, architecture decisions, and private context leak publicly. Mitigation: disable the gh CLI tool or restrict GitHub permissions.
    doc_reference:
      file: "guide/known-issues.md"
      section: "GitHub Issue Auto-Creation Bug"
      anchor: "#github-issue-auto-creation-bug"