MCP Mastery Quiz

Test your knowledge across all three modules — architecture, server building, tool definitions, security, and production patterns.

Course Recap

You have covered three modules across 10 lessons. Here is the full arc of what you learned.

Module 1

Architecture

What MCP is and why it exists
Host, Client, and Server roles
JSON-RPC 2.0 message format
Transport layers: stdio and Streamable HTTP
Capability negotiation lifecycle

Module 2

Building

Your first MCP server from scratch
server.tool() definitions with Zod
Resources for read-only data
Prompts as reusable templates
Returning structured content arrays

Module 3

Production

Security: least privilege principle
Input validation and sanitization
Connecting servers to Claude Desktop
Audit logging and error handling
Real-world patterns and best practices

Key Concepts Review

The most important ideas from the course, distilled into quick-reference form.

The 3 MCP Primitives

🔧

Tools

Actions the AI can invoke. Think API endpoints: the model calls them, your handler executes logic, and a result comes back.

📄

Resources

Read-only data the AI can access. Files, database records, configuration — anything the model needs to read but not modify.

💬

Prompts

Reusable templates the user selects. They pre-fill context so the AI starts with exactly the right framing for a task.

The `server.tool()` Signature

// Three arguments: name, schema, handler
server.tool(
"tool-name",            // unique string identifier
{ query: z.string() },   // Zod schema for input validation
async ({ query }) => {  // handler function
return {
content: [{ type: "text", text: "result" }]
};
}
);

Security Principles

Least Privilege

Give servers the minimum permissions they need. A read-only DB user cannot run DROP TABLE even if a prompt injection gets through.

Input Validation

Always validate inputs with Zod schemas. Never trust data from the AI model — treat it like user input from an untrusted source.

Audit Logging

Log every tool invocation with timestamps, parameters, and results. When something goes wrong, logs are your only witness.

Error Boundaries

Never let exceptions crash the server. Catch errors in handlers, return meaningful messages, and keep the MCP connection alive.

Common MCP Mistakes

These are the pitfalls that trip up most developers when building MCP servers. If you can avoid these five, you are ahead of the curve.

Giving servers too many permissions

Connecting your MCP server with a root database user or full filesystem access is an invitation for disaster. If a prompt injection tricks the AI into calling a destructive tool, those permissions become the blast radius. Always use the most restrictive credentials possible.

Not validating inputs with Zod schemas

Skipping schema validation means your handler receives whatever the model sends — including malformed data, SQL fragments, or unexpected types. Zod schemas are your first line of defense. They reject bad input before your code ever sees it.

Putting business logic in the tool description

The tool description tells the AI when to use the tool — it is not where your logic lives. All computation, API calls, and data processing belong in the handler function. Descriptions should be short, clear sentences explaining the tool's purpose.

Not handling errors gracefully

An unhandled exception in a tool handler can crash your entire MCP server, killing the connection for all tools. Wrap handler logic in try/catch blocks and return a structured error response with isError: true so the AI can recover and inform the user.

Exposing sensitive data through Resources without access control

Resources are powerful because they give the AI direct read access to data. But if you expose environment variables, credentials, or private user data as a Resource without scoping or filtering, the AI can read and potentially leak that information in its responses. Always filter sensitive fields before returning Resource content.

Pre-Quiz Checklist

Before you take the quiz, do a quick self-assessment. Can you confidently answer each of these?

☐ I can explain what MCP stands for and why it was created.

☐ I can name the three components of MCP architecture.

☐ I know the difference between Tools, Resources, and Prompts.

☐ I can write a server.tool() call with name, schema, and handler.

☐ I understand the two transport protocols (stdio and Streamable HTTP).

☐ I can explain the capability negotiation lifecycle.

☐ I know where to configure MCP servers for Claude Desktop.

☐ I can list three security principles for production MCP servers.

If any of these feel shaky, scroll up and review the relevant section before proceeding. The quiz covers all of them.

Ready? Let's go.

10 questions. You need 8 correct to pass. Good luck.

🔒

This lesson is for Pro members

Unlock all 520+ lessons across 52 courses with Academy Pro.

Go Pro — $49/mo ← Back to course

Already a member? Sign in to access your lessons.