Exam (elaborations)

WGU C725 Exam Guide 8th Edition Questions and Answers Latest 2024 (Graded A+)

Pages: 26
Grade: A+
Uploaded on: 07-01-2024
Written in: 2023/2024

Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions.
Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Application Attacks
Ben's system was infected by malicious code that modified the operating system to allow the malicious code author to gain access to his files. What type of exploit did this attacker engage in?
A Escalation of privilege
B Back door
C Rootkit
D Buffer overflow

Buffer Overflow
Buffer overflow attacks allow an attacker to modify the contents of a system's memory by writing beyond the space allocated for a variable.
Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Application Attacks
What type of application vulnerability most directly allows an attacker to modify the contents of a system's memory?
A TOC/TOU
B Back door
C Rootkit
D Buffer overflow

Reflected Input
Cross-site scripting attacks are successful only against web applications that include reflected input.
Domain 8: Software Development Security 8.5 Define and apply secure coding guidelines and standards Web App Security
What condition is necessary on a web page for it to be used in a cross-site scripting attack?
A .NET technology
B Database-driven content
C Reflected input
D CGI scripts

Stuxnet
Stuxnet was a highly sophisticated worm designed to destroy nuclear enrichment centrifuges attached to Siemens controllers.
3.0 Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code
What worm was the first to cause major physical damage to a facility?
A Melissa
B RTM
C Stuxnet
D Code Red

DMZ (demilitarized zone)
The DMZ (demilitarized zone) is designed to house systems like web servers that must be accessible from both the internal and external networks.
Domain 8: Software Development Security 8.2 Identify and apply security controls in development environments Web App Security
You are the security administrator for an e-commerce company and are placing a new web server into production. What network zone should you use?
A Intranet
B Sandbox
C Internet
D DMZ

fsas3alG
Except option C, the choices are forms of common words that might be found during a dictionary attack. mike is a name and would be easily detected. elppa is simply apple spelled backward, and dayorange combines two dictionary words. Crack and other utilities can easily see through these "sneaky" techniques. Option C is simply a random string of characters that a dictionary attack would not uncover.
Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Password Attacks
Which one of the following passwords is least likely to be compromised during a dictionary attack?
A elppa
B dayorange
C fsas3alG
D mike

Salting
Salting passwords adds a random value to the password prior to hashing, making it impractical to construct a rainbow table of all possible values.
3.0 Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Password Attacks
What technique may be used to limit the effectiveness of rainbow table attacks?
A Salting
B Hashing
C Transport encryption
D Digital signatures

Port Scan
Port scans reveal the ports associated with services running on a machine and available to the public.
3.0 Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Reconnaissance Attacks
What type of reconnaissance attack provides attackers with useful information about the services running on a system?
A Dumpster diving
B Port scan
C Session hijacking
D IP sweep

LastPass
LastPass is a tool that allows users to create unique, strong passwords for each service they use without the burden of memorizing them all.
3.0 Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Password Attacks
Which one of the following tools provides a solution to the problem of users forgetting complex passwords?
A Tripwire
B Shadow password files
C Crack
D LastPass

Zero-Day Exploit
While an advanced persistent threat (APT) may leverage any of these attacks, they are most closely associated with zero-day attacks.
3.0 Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code
Which one of the following techniques is most closely associated with APT (Advanced Persistent Threat) attacks?
A Social engineering
B Zero-day exploit
C SQL injection
D Trojan horse

The SCRIPT (Note: enclosed in <>) tag is used to indicate the beginning of an executable client-side script and is used in reflected input to create a cross-site scripting attack.
Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code
What HTML tag is often used as part of a cross-site scripting (XSS) attack? (Note: enclosed in <>; Quizlet won't allow <> around answers due to cross-site scripting (XSS))
A H1
B SCRIPT
C XSS
D HEAD

The single quote character (') is used in SQL queries and must be handled carefully on web forms to protect against SQL injection attacks.
Domain 8: Software Development Security 8.2 Identify and apply security controls in development environments Web App Security
What character should always be treated carefully when encountered as user input on a web form?
A '
B !
C &
D *

Polymorphism
In an attempt to avoid detection by signature-based antivirus software packages, polymorphic viruses modify their own code each time they infect a system.
Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code
What advanced virus technique modifies the malicious code of a virus on each system it infects?
A Encryption
B Stealth
C Polymorphism
D Multipartitism

TOCTOU
The time of check to time of use (TOCTOU) attack relies on the timing of the execution of two events.
Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Application Attacks
Which one of the following types of attacks relies on the difference between the timing of two events?
A Land
B Fraggle
C Smurf
D TOCTOU

Multipartite Virus
Multipartite viruses use two or more propagation techniques (for example, file infection and boot sector infection) to maximize their reach.
Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code
What type of virus utilizes more than one propagation technique to maximize the number of penetrated systems?
A Multipartite virus
B Stealth virus
C Companion virus
D Polymorphic virus

Stored Procedures
Developers of web applications should leverage database stored procedures to limit the application's ability to execute arbitrary code. With stored procedures, the SQL statement resides on the database server and may only be modified by database administrators.
Domain 8: Software Development Security 8.5 Define and apply secure coding guidelines and standards Web App Security
What database technology, if implemented for web forms, can limit the potential for SQL injection attacks?
A Triggers
B Concurrency control
C Column encryption
D Stored procedures

Sandbox
The Java sandbox isolates applets and allows them to run within a protected environment, limiting the effect they may have on the rest of the system.
Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code
What technology does the Java language use to minimize the threat posed by applets?
A Confidentiality
B Sandbox
C Stealth
D Encryption

Packets with internal source IP addresses should not be allowed to enter the network from the outside because they are likely spoofed.
Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Masquerading Attacks
When designing firewall rules to prevent IP spoofing, which of the following principles should you follow?
A Packets with external source IP addresses don't enter the network from the outside.
B Packets with public IP addresses don't pass through the router in either direction.
C Packets with internal source IP addresses don't exit the network from the inside.
D Packets with internal source IP addresses don't enter the network from the outside.

Input Validation
Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML SCRIPT tag in the input. (Note: SCRIPT should be enclosed in tags)
Domain 8: Software Development Security 8.2 Identify and apply security controls in development environments Web App Security
What is the most effective defense against cross-site scripting attacks?
A User authentication
B Input validation
C Limiting account privileges
D Encryption

Polyinstantiation
Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.
Domain 8: Software Development Security 8.2 Identify and apply security controls in development environments Establishing Database and Data Warehousing
What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?
A Manipulation
B Inference
C Aggregation
D Polyinstantiation

ODBC acts as a proxy between applications and the backend DBMS.
Domain 8: Software Development Security 8.2 Identify and apply security controls in development environments Establishing Database and Data Warehousing
Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers?
A ODBC
B DSS
C Abstraction
D SDLC

Seller: STUDYROOM2026, Chamberlain College Of Nursing