AND SECURITY ISSUES OBJECTIVE ASSESSMENT NEWEST 2024 ACTUAL EXAM TEST BANK 200 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) | ALREADY GRADED A+
What happens if a cookie is set without a max-age directive?
- ...ANSWER...The browser will automatically use a browser-length session where the browser keeps the cookie alive for as long as the tab stays open.
What do simple cache-based sessions do?
- ...ANSWER...Allow you to store session state in a cache service like Memcached or Redis. A cache service is fast, but data can potentially be lost. Because these are session states, data loss can just mean the user logs in again.
What do write-through cache-based sessions do?
- ...ANSWER...Allow you to combine a cache service and a database to manage session state. When Django writes session state to the cache, it'll also write through to the database.
What does Django use the SECRET_KEY setting for?
- ...ANSWER...Keyed hashing (not encryption)
WGU D385
What is salting?
- ...ANSWER...A way to compute a different hash value from two or more identical messages. Each message is paired with a unique salt (a random string of bytes).
What is the safest way to hash passwords? Why?
- ...ANSWER...Key Derivation Functions (KDFs). These functions consume a lot of resources and are slow, making them much more difficult to crack. You determine how slow it is by adjusting the configuration parameters you give it.
What is the most widely used KDF (key derivative function) in Python? What is the newer, better replacement for it?
- ...ANSWER...PBKDF2 (password-based key derivative function 2) is the old standard; Argon2 is the replacement (uses memory intensiveness in addition to the classic computational intensiveness).
What is the difference between authorization and authentication?
- ...ANSWER...Authentication relates to who a user is. Authorization relates to what a user can do.
What is a permission?
- ...ANSWER...The most atomic form of authorization. It allows a person, or group of people, to do one and only one thing.
What are groups for?
- ...ANSWER...Groups provide a way to associate a set of permissions with a set of users.
What is OAuth2?
- ...ANSWER...An industry standard authorization protocol that enables users to authorize third-party access to protected resources without exposing their credentials to the third party. (Ex: log in with Google)
What penetration test involves attempting to have users divulge sensitive information?
- ...ANSWER...Social engineering test
What is remote dial-up war dialing?
- ...ANSWER...A security testing technique used to identify and assess the vulnerability of remote access systems, such as modems or remote access servers, to unauthorized access. Countless attempts (brute force) to connect to modems are made in this test.
What does a web application penetration test do?
- ...ANSWER...Aims to identify gaps in components that house web application resources, such as the source code.
What is HTML-injection?
- ...ANSWER...An attacker injects malicious HTML code in web applications that can accept user input (like forms). These attacks exploit forms that take input without properly validating or sanitizing the input.
What tests are involved in mobile application penetration testing?
- ...ANSWER...
1. Static analysis - extracting elements (metadata and source code) and using them to perform reverse engineering.
2. Dynamic analysis - finding vulnerabilities while the application is running on the device.
What steps are involved in web application penetration testing?
- ...ANSWER...
Reconnaissance - gathering info about the OS, services, and resources being used.
Discovery - attempting to find vulnerabilities.
Exploit - using the vulnerabilities to gain unauthorized access to sensitive data or systems.
What is data integrity?
- ...ANSWER...Ensures that data is free of accidental corruption. Verifies the data is read just as it was written. Answers the question "Has the data changed?"
What is data authentication?
- ...ANSWER...Ensures that the data reader can verify the identity of the data writer. Answers the question "Who authored this data?"
What is nonrepudiation?
- ...ANSWER...The assurance that