WGU C836 FUNDAMENTALS OF
INFORMATION SECURITY ACTUAL TEST
PAPER 2026 QUESTIONS WITH SOLUTIONS
GRADED A+
◉race conditions. Answer: A type of software development
vulnerability that occurs when multiple processes or multiple
threads within a process control or share access to a particular
resource, and the correct handling of that resource depends on the
proper ordering or timing of transactions
◉input validation. Answer: a type of attack that can occur when we
fail to validate the input to our applications or take steps to filter out
unexpected or undesirable content
◉format string attack. Answer: a type of input validation attacks in
which certain print functions within a programming language can be
used to manipulate or view the internal memory of an application
◉authentication attack. Answer: A type of attack that can occur
when we fail to use strong authentication mechanisms for our
applications
,◉authorization attack. Answer: A type of attack that can occur when
we fail to use authorization best practices for our applications
◉cryptographic attack. Answer: A type of attack that can occur
when we fail to properly design our security mechanisms when
implementing cryptographic controls in our applications
◉client-side attack. Answer: A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that
uses social engineering techniques to trick us into going along with
the attack
◉XSS (Cross Site Scripting). Answer: an attack carried out by placing
code in the form of a scripting language into a web page or other
media that is interpreted by a client browser
◉XSRF (cross-site request forgery). Answer: an attack in which the
attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another
web page or application where the user is currently authenticated
◉clickjacking. Answer: An attack that takes advantage of the
graphical display capabilities of our browser to trick us into clicking
on something we might not otherwise
,◉server-side attack. Answer: A type of attack on the web server that
can target vulnerabilities such as lack of input validation, improper
or inadequate permissions, or extraneous files left on the server
from the development process
◉Protocol issues, unauthenticated access, arbitrary code execution,
and privilege escalation. Answer: Name the 4 main categories of
database security issues
◉web application analysis tool. Answer: A type of tool that analyzes
web pages or web-based applications and searches for common
flaws such as XSS or SQL injection flaws, and improperly set
permissions, extraneous files, outdated software versions, and many
more such items
◉protocol issues. Answer: unauthenticated flaws in network
protocols, authenticated flaws in network protocols, flaws in
authentication protocols
◉arbitrary code execution. Answer: An attack that exploits an
applications vulnerability into allowing the attacker to execute
commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
, ◉Privilege Escalation. Answer: An attack that exploits a
vulnerability in software to gain access to resources that the user
normally would be restricted from accessing.
* via SQL injection or local issues
◉validating user inputs. Answer: a security best practice for all
software
* the most effective way of mitigating SQL injection attacks
◉Nikto (and Wikto). Answer: A web server analysis tool that
performs checks for many common server-side vulnerabilities &
creates an index of all the files and directories it can see on the
target web server (a process known as spidering)
◉burp suite. Answer: A well-known GUI web analysis tool that offers
a free and professional version; the pro version includes advanced
tools for conducting more in-depth attacks
◉fuzzer. Answer: A type of tool that works by bombarding our
applications with all manner of data and inputs from a wide variety
of sources, in the hope that we can cause the application to fail or to
perform in unexpected ways
◉MiniFuzz File Fuzzer. Answer: A tool developed by Microsoft to
find flaws in file-handling source code
INFORMATION SECURITY ACTUAL TEST
PAPER 2026 QUESTIONS WITH SOLUTIONS
GRADED A+
◉race conditions. Answer: A type of software development
vulnerability that occurs when multiple processes or multiple
threads within a process control or share access to a particular
resource, and the correct handling of that resource depends on the
proper ordering or timing of transactions
◉input validation. Answer: a type of attack that can occur when we
fail to validate the input to our applications or take steps to filter out
unexpected or undesirable content
◉format string attack. Answer: a type of input validation attacks in
which certain print functions within a programming language can be
used to manipulate or view the internal memory of an application
◉authentication attack. Answer: A type of attack that can occur
when we fail to use strong authentication mechanisms for our
applications
,◉authorization attack. Answer: A type of attack that can occur when
we fail to use authorization best practices for our applications
◉cryptographic attack. Answer: A type of attack that can occur
when we fail to properly design our security mechanisms when
implementing cryptographic controls in our applications
◉client-side attack. Answer: A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that
uses social engineering techniques to trick us into going along with
the attack
◉XSS (Cross Site Scripting). Answer: an attack carried out by placing
code in the form of a scripting language into a web page or other
media that is interpreted by a client browser
◉XSRF (cross-site request forgery). Answer: an attack in which the
attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another
web page or application where the user is currently authenticated
◉clickjacking. Answer: An attack that takes advantage of the
graphical display capabilities of our browser to trick us into clicking
on something we might not otherwise
,◉server-side attack. Answer: A type of attack on the web server that
can target vulnerabilities such as lack of input validation, improper
or inadequate permissions, or extraneous files left on the server
from the development process
◉Protocol issues, unauthenticated access, arbitrary code execution,
and privilege escalation. Answer: Name the 4 main categories of
database security issues
◉web application analysis tool. Answer: A type of tool that analyzes
web pages or web-based applications and searches for common
flaws such as XSS or SQL injection flaws, and improperly set
permissions, extraneous files, outdated software versions, and many
more such items
◉protocol issues. Answer: unauthenticated flaws in network
protocols, authenticated flaws in network protocols, flaws in
authentication protocols
◉arbitrary code execution. Answer: An attack that exploits an
applications vulnerability into allowing the attacker to execute
commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
, ◉Privilege Escalation. Answer: An attack that exploits a
vulnerability in software to gain access to resources that the user
normally would be restricted from accessing.
* via SQL injection or local issues
◉validating user inputs. Answer: a security best practice for all
software
* the most effective way of mitigating SQL injection attacks
◉Nikto (and Wikto). Answer: A web server analysis tool that
performs checks for many common server-side vulnerabilities &
creates an index of all the files and directories it can see on the
target web server (a process known as spidering)
◉burp suite. Answer: A well-known GUI web analysis tool that offers
a free and professional version; the pro version includes advanced
tools for conducting more in-depth attacks
◉fuzzer. Answer: A type of tool that works by bombarding our
applications with all manner of data and inputs from a wide variety
of sources, in the hope that we can cause the application to fail or to
perform in unexpected ways
◉MiniFuzz File Fuzzer. Answer: A tool developed by Microsoft to
find flaws in file-handling source code
