WGU C836 Fundamentals of Information Security Final
Exam and Study Guide
bounds checking .......Answer.........to set a limit on the amount of
data we expect to receive to set aside storage for that data
* required in most programming languages
* prevents buffer overflows
race conditions .......Answer.........A type of software development
vulnerability that occurs when multiple processes or multiple
threads within a process control or share access to a particular
resource, and the correct handling of that resource depends on
the proper ordering or timing of transactions
input validation .......Answer.........a type of attack that can occur
when we fail to validate the input to our applications or take
steps to filter out unexpected or undesirable content
format string attack .......Answer.........a type of input validation
attack in which certain print functions within a programming
language can be used to manipulate or view the internal
memory of an application
authentication attack .......Answer.........A type of attack that can
occur when we fail to use strong authentication mechanisms for
our applications
authorization attack .......Answer.........A type of attack that can
occur when we fail to use authorization best practices for our
applications
cryptographic attack .......Answer.........A type of attack that can
occur when we fail to properly design our security mechanisms
when implementing cryptographic controls in our applications
client-side attack .......Answer.........A type of attack that takes
advantage of weaknesses in the software loaded on client
machines or one that uses social engineering techniques to trick
us into going along with the attack
XSS (Cross Site Scripting) .......Answer.........an attack carried out
by placing code in the form of a scripting language into a web
page or other media that is interpreted by a client browser
XSRF (cross-site request forgery) .......Answer.........an attack in
which the attacker places a link on a web page in such a way
that it will be automatically executed to initiate a particular
activity on another web page or application where the user is
currently authenticated
SQL Injection Attack .......Answer.........Attacks against a web site
that take advantage of vulnerabilities in poorly coded SQL (a
standard and common database software application)
applications in order to introduce malicious program code into a
company's systems and networks.
clickjacking .......Answer.........An attack that takes advantage of
the graphical display capabilities of our browser to trick us into
clicking on something we might not otherwise
server-side attack .......Answer.........A type of attack on the web
server that can target vulnerabilities such as lack of input
validation, improper or inadequate permissions, or extraneous
files left on the server from the development process