WGU C795 STUDY GUIDE COMPREHENSIVE
TEST BANK 2026 ANSWERS WITH
COMPLETE SOLUTIONS GRADED A+
⩥ race conditions.
Answer: A type of software development vulnerability that occurs when
multiple processes or multiple threads within a process control or share
access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions
⩥ input validation.
Answer: a type of attack that can occur when we fail to validate the
input to our applications or take steps to filter out unexpected or
undesirable content
⩥ format string attack.
Answer: a type of input validation attacks in which certain print
functions within a programming language can be used to manipulate or
view the internal memory of an application
⩥ authentication attack.
Answer: A type of attack that can occur when we fail to use strong
authentication mechanisms for our applications
,⩥ authorization attack.
Answer: A type of attack that can occur when we fail to use
authorization best practices for our applications
⩥ cryptographic attack.
Answer: A type of attack that can occur when we fail to properly design
our security mechanisms when implementing cryptographic controls in
our applications
⩥ client-side attack.
Answer: A type of attack that takes advantage of weaknesses in the
software loaded on client machines or one that uses social engineering
techniques to trick us into going along with the attack
⩥ XSS (Cross Site Scripting).
Answer: an attack carried out by placing code in the form of a scripting
language into a web page or other media that is interpreted by a client
browser
⩥ XSRF (cross-site request forgery).
Answer: an attack in which the attacker places a link on a web page in
such a way that it will be automatically executed to initiate a particular
activity on another web page or application where the user is currently
authenticated
,⩥ clickjacking.
Answer: An attack that takes advantage of the graphical display
capabilities of our browser to trick us into clicking on something we
might not otherwise
⩥ server-side attack.
Answer: A type of attack on the web server that can target vulnerabilities
such as lack of input validation, improper or inadequate permissions, or
extraneous files left on the server from the development process
⩥ Protocol issues, unauthenticated access, arbitrary code execution, and
privilege escalation.
Answer: Name the 4 main categories of database security issues
⩥ web application analysis tool.
Answer: A type of tool that analyzes web pages or web-based
applications and searches for common flaws such as XSS or SQL
injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
⩥ protocol issues.
Answer: unauthenticated flaws in network protocols, authenticated flaws
in network protocols, flaws in authentication protocols
, ⩥ arbitrary code execution.
Answer: An attack that exploits an applications vulnerability into
allowing the attacker to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
⩥ Privilege Escalation.
Answer: An attack that exploits a vulnerability in software to gain access
to resources that the user normally would be restricted from accessing.
* via SQL injection or local issues
⩥ validating user inputs.
Answer: a security best practice for all software
* the most effective way of mitigating SQL injection attacks
⩥ Nikto (and Wikto).
Answer: A web server analysis tool that performs checks for many
common server-side vulnerabilities & creates an index of all the files
and directories it can see on the target web server (a process known as
spidering)
⩥ burp suite.
Answer: A well-known GUI web analysis tool that offers a free and
professional version; the pro version includes advanced tools for
conducting more in-depth attacks
TEST BANK 2026 ANSWERS WITH
COMPLETE SOLUTIONS GRADED A+
⩥ race conditions.
Answer: A type of software development vulnerability that occurs when
multiple processes or multiple threads within a process control or share
access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions
⩥ input validation.
Answer: a type of attack that can occur when we fail to validate the
input to our applications or take steps to filter out unexpected or
undesirable content
⩥ format string attack.
Answer: a type of input validation attacks in which certain print
functions within a programming language can be used to manipulate or
view the internal memory of an application
⩥ authentication attack.
Answer: A type of attack that can occur when we fail to use strong
authentication mechanisms for our applications
,⩥ authorization attack.
Answer: A type of attack that can occur when we fail to use
authorization best practices for our applications
⩥ cryptographic attack.
Answer: A type of attack that can occur when we fail to properly design
our security mechanisms when implementing cryptographic controls in
our applications
⩥ client-side attack.
Answer: A type of attack that takes advantage of weaknesses in the
software loaded on client machines or one that uses social engineering
techniques to trick us into going along with the attack
⩥ XSS (Cross Site Scripting).
Answer: an attack carried out by placing code in the form of a scripting
language into a web page or other media that is interpreted by a client
browser
⩥ XSRF (cross-site request forgery).
Answer: an attack in which the attacker places a link on a web page in
such a way that it will be automatically executed to initiate a particular
activity on another web page or application where the user is currently
authenticated
,⩥ clickjacking.
Answer: An attack that takes advantage of the graphical display
capabilities of our browser to trick us into clicking on something we
might not otherwise
⩥ server-side attack.
Answer: A type of attack on the web server that can target vulnerabilities
such as lack of input validation, improper or inadequate permissions, or
extraneous files left on the server from the development process
⩥ Protocol issues, unauthenticated access, arbitrary code execution, and
privilege escalation.
Answer: Name the 4 main categories of database security issues
⩥ web application analysis tool.
Answer: A type of tool that analyzes web pages or web-based
applications and searches for common flaws such as XSS or SQL
injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
⩥ protocol issues.
Answer: unauthenticated flaws in network protocols, authenticated flaws
in network protocols, flaws in authentication protocols
, ⩥ arbitrary code execution.
Answer: An attack that exploits an applications vulnerability into
allowing the attacker to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
⩥ Privilege Escalation.
Answer: An attack that exploits a vulnerability in software to gain access
to resources that the user normally would be restricted from accessing.
* via SQL injection or local issues
⩥ validating user inputs.
Answer: a security best practice for all software
* the most effective way of mitigating SQL injection attacks
⩥ Nikto (and Wikto).
Answer: A web server analysis tool that performs checks for many
common server-side vulnerabilities & creates an index of all the files
and directories it can see on the target web server (a process known as
spidering)
⩥ burp suite.
Answer: A well-known GUI web analysis tool that offers a free and
professional version; the pro version includes advanced tools for
conducting more in-depth attacks
