D430 WGU FINAL EXAM 2024 COMREHENSIVE
QUESTION AND ANSWERS 100% VERIFIED
bounds checking - (correct answer) to set a limit on the amount of data we expect
to receive to set aside storage for that data
*required in most programming languages
prevents buffer overflows
race conditions - (correct answer) A type of software development vulnerability that
occurs when multiple processes or multiple threads within a process control or share
access to a particular resource, and the correct handling of that resource depends
on the proper ordering or timing of transactions
input validation - (correct answer) a type of attack that can occur when we fail to
validate the input to our applications or take steps to filter out unexpected or
undesirable content
format string attack - (correct answer) a type of input validation attacks in which
certain print functions within a programming language can be used to manipulate or
view the internal memory of an application
authentication attack - (correct answer) A type of attack that can occur when we
fail to use strong authentication mechanisms for our applications
authorization attack - (correct answer) A type of attack that can occur when we fail
to use authorization best practices for our applications
cryptographic attack - (correct answer) A type of attack that can occur when we fail
to properly design our security mechanisms when implementing cryptographic
controls in our applications
client-side attack - (correct answer) A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that uses social
engineering techniques to trick us into going along with the attack
XSS (Cross Site Scripting) - (correct answer) an attack carried out by placing code
in the form of a scripting language into a web page or other media that is interpreted
by a client browser
XSRF (cross-site request forgery) - (correct answer) an attack in which the
attacker places a link on a web page in such a way that it will be automatically
executed to initiate a particular activity on another web page or application where the
user is currently authenticated
,clickjacking - (correct answer) An attack that takes advantage of the graphical
display capabilities of our browser to trick us into clicking on something we might not
otherwise
server-side attack - (correct answer) A type of attack on the web server that can
target vulnerabilities such as lack of input validation, improper or inadequate
permissions, or extraneous files left on the server from the development process
Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation - (correct answer) Name the 4 main categories of database security
issues
web application analysis tool - (correct answer) A type of tool that analyzes web
pages or web-based applications and searches for common flaws such as XSS or
SQL injection flaws, and improperly set permissions, extraneous files, outdated
software versions, and many more such items
protocol issues - (correct answer) unauthenticated flaws in network protocols,
authenticated flaws in network protocols, flaws in authentication protocols
arbitrary code execution - (correct answer) An attack that exploits an applications
vulnerability into allowing the attacker to execute commands on a user's computer.
arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation - (correct answer) An attack that exploits a vulnerability in
software to gain access to resources that the user normally would be restricted from
accessing.
via SQL injection or local issues
validating user inputs - (correct answer) a security best practice for all software
the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - (correct answer) A web server analysis tool that performs
checks for many common server-side vulnerabilities & creates an index of all the
files and directories it can see on the target web server (a process known as
spidering)
burp suite - (correct answer) A well-known GUI web analysis tool that offers a free
and professional version; the pro version includes advanced tools for conducting
more in-depth attacks
fuzzer - (correct answer) A type of tool that works by bombarding our applications
with all manner of data and inputs from a wide variety of sources, in the hope that
we can cause the application to fail or to perform in unexpected ways
, MiniFuzz File Fuzzer - (correct answer) A tool developed by Microsoft to find flaws
in file-handling source code
BinScope Binary Analyzer - (correct answer) A tool developed by Microsoft to
examine source code for general good practices
SDL Regex Fuzzer - (correct answer) A tool developed by Microsoft for testing
certain pattern-matching expressions for potential vulnerabilities
good sources of secure coding guidelines - (correct answer) CERT, NIST 800,
BSI, an organization's internal coding guidelines
OS hardening - (correct answer) the process of reducing the number of available
avenues through which our OS might be attacked
attack surface - (correct answer) The total of the areas through which our
operating system might be attacked
6 main hardening categories - (correct answer) 1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions
Principle of Least Privilege - (correct answer) states we should only allow a party
the absolute minimum permission needed for it to carry out its function
stuxnet - (correct answer) A particularly complex and impactful item of malware
that targeted the Supervisory Control and Data Acquisition (SCADA) systems that
run various industrial processes; this piece of malware raised the bar for malware
from largely being a virtual-based attack to actually being physically destructive
anti-malware tool - (correct answer) A type of tool that uses signature matching or
anomaly detection (heuristics) to detect malware threats, either in real-time or by
performing scans of files and processes
heuristics - (correct answer) the process of anomaly detection used by anti-
malware tools to detect malware without signatures
executable space protection - (correct answer) A hardware and software-based
technology that prevents certain portions of the memory used by the operating
system and applications from being used to execute code
QUESTION AND ANSWERS 100% VERIFIED
bounds checking - (correct answer) to set a limit on the amount of data we expect
to receive to set aside storage for that data
*required in most programming languages
prevents buffer overflows
race conditions - (correct answer) A type of software development vulnerability that
occurs when multiple processes or multiple threads within a process control or share
access to a particular resource, and the correct handling of that resource depends
on the proper ordering or timing of transactions
input validation - (correct answer) a type of attack that can occur when we fail to
validate the input to our applications or take steps to filter out unexpected or
undesirable content
format string attack - (correct answer) a type of input validation attacks in which
certain print functions within a programming language can be used to manipulate or
view the internal memory of an application
authentication attack - (correct answer) A type of attack that can occur when we
fail to use strong authentication mechanisms for our applications
authorization attack - (correct answer) A type of attack that can occur when we fail
to use authorization best practices for our applications
cryptographic attack - (correct answer) A type of attack that can occur when we fail
to properly design our security mechanisms when implementing cryptographic
controls in our applications
client-side attack - (correct answer) A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that uses social
engineering techniques to trick us into going along with the attack
XSS (Cross Site Scripting) - (correct answer) an attack carried out by placing code
in the form of a scripting language into a web page or other media that is interpreted
by a client browser
XSRF (cross-site request forgery) - (correct answer) an attack in which the
attacker places a link on a web page in such a way that it will be automatically
executed to initiate a particular activity on another web page or application where the
user is currently authenticated
,clickjacking - (correct answer) An attack that takes advantage of the graphical
display capabilities of our browser to trick us into clicking on something we might not
otherwise
server-side attack - (correct answer) A type of attack on the web server that can
target vulnerabilities such as lack of input validation, improper or inadequate
permissions, or extraneous files left on the server from the development process
Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation - (correct answer) Name the 4 main categories of database security
issues
web application analysis tool - (correct answer) A type of tool that analyzes web
pages or web-based applications and searches for common flaws such as XSS or
SQL injection flaws, and improperly set permissions, extraneous files, outdated
software versions, and many more such items
protocol issues - (correct answer) unauthenticated flaws in network protocols,
authenticated flaws in network protocols, flaws in authentication protocols
arbitrary code execution - (correct answer) An attack that exploits an applications
vulnerability into allowing the attacker to execute commands on a user's computer.
arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation - (correct answer) An attack that exploits a vulnerability in
software to gain access to resources that the user normally would be restricted from
accessing.
via SQL injection or local issues
validating user inputs - (correct answer) a security best practice for all software
the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - (correct answer) A web server analysis tool that performs
checks for many common server-side vulnerabilities & creates an index of all the
files and directories it can see on the target web server (a process known as
spidering)
burp suite - (correct answer) A well-known GUI web analysis tool that offers a free
and professional version; the pro version includes advanced tools for conducting
more in-depth attacks
fuzzer - (correct answer) A type of tool that works by bombarding our applications
with all manner of data and inputs from a wide variety of sources, in the hope that
we can cause the application to fail or to perform in unexpected ways
, MiniFuzz File Fuzzer - (correct answer) A tool developed by Microsoft to find flaws
in file-handling source code
BinScope Binary Analyzer - (correct answer) A tool developed by Microsoft to
examine source code for general good practices
SDL Regex Fuzzer - (correct answer) A tool developed by Microsoft for testing
certain pattern-matching expressions for potential vulnerabilities
good sources of secure coding guidelines - (correct answer) CERT, NIST 800,
BSI, an organization's internal coding guidelines
OS hardening - (correct answer) the process of reducing the number of available
avenues through which our OS might be attacked
attack surface - (correct answer) The total of the areas through which our
operating system might be attacked
6 main hardening categories - (correct answer) 1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions
Principle of Least Privilege - (correct answer) states we should only allow a party
the absolute minimum permission needed for it to carry out its function
stuxnet - (correct answer) A particularly complex and impactful item of malware
that targeted the Supervisory Control and Data Acquisition (SCADA) systems that
run various industrial processes; this piece of malware raised the bar for malware
from largely being a virtual-based attack to actually being physically destructive
anti-malware tool - (correct answer) A type of tool that uses signature matching or
anomaly detection (heuristics) to detect malware threats, either in real-time or by
performing scans of files and processes
heuristics - (correct answer) the process of anomaly detection used by anti-
malware tools to detect malware without signatures
executable space protection - (correct answer) A hardware and software-based
technology that prevents certain portions of the memory used by the operating
system and applications from being used to execute code
