C836 WGU QUESTIONS AND ANSWERS
LATEST UPDATE
bounds checking
to set a limit on the amount of data we expect to receive to set aside storage for that
data
*required in most programming languages
* prevents buffer overflows
race conditions
A type of software development vulnerability that occurs when multiple processes or
multiple threads within a process control or share access to a particular resource, and
the correct handling of that resource depends on the proper ordering or timing of
transactions
input validation
a type of attack that can occur when we fail to validate the input to our applications or
take steps to filter out unexpected or undesirable content
format string attack
a type of input validation attacks in which certain print functions within a programming
language can be used to manipulate or view the internal memory of an application
authentication attack
A type of attack that can occur when we fail to use strong authentication mechanisms
for our applications
authorization attack
A type of attack that can occur when we fail to use authorization best practices for our
applications
cryptographic attack
A type of attack that can occur when we fail to properly design our security mechanisms
when implementing cryptographic controls in our applications
client-side attack
A type of attack that takes advantage of weaknesses in the software loaded on client
machines or one that uses social engineering techniques to trick us into going along
with the attack
XSS (Cross Site Scripting)
an attack carried out by placing code in the form of a scripting language into a web page
or other media that is interpreted by a client browser
XSRF (cross-site request forgery)
an attack in which the attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another web page or application
where the user is currently authenticated
SQL Injection Attack
,Attacks against a web site that take advantage of vulnerabilities in poorly coded SQL (a
standard and common database software application) applications in order to introduce
malicious program code into a company's systems and networks.
clickjacking
An attack that takes advantage of the graphical display capabilities of our browser to
trick us into clicking on something we might not otherwise
server-side attack
A type of attack on the web server that can target vulnerabilities such as lack of input
validation, improper or inadequate permissions, or extraneous files left on the server
from the development process
Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation
Name the 4 main categories of database security issues
web application analysis tool
A type of tool that analyzes web pages or web-based applications and searches for
common flaws such as XSS or SQL injection flaws, and improperly set permissions,
extraneous files, outdated software versions, and many more such items
protocol issues
unauthenticated flaws in network protocols, authenticated flaws in network protocols,
flaws in authentication protocols
arbitrary code execution
An attack that exploits an applications vulnerability into allowing the attacker to execute
commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation
An attack that exploits a vulnerability in software to gain access to resources that the
user normally would be restricted from accessing.
* via SQL injection or local issues
validating user inputs
a security best practice for all software
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto)
A web server analysis tool that performs checks for many common server-side
vulnerabilities & creates an index of all the files and directories it can see on the target
web server (a process known as spidering)
burp suite
A well-known GUI web analysis tool that offers a free and professional version; the pro
version includes advanced tools for conducting more in-depth attacks
fuzzer
A type of tool that works by bombarding our applications with all manner of data and
inputs from a wide variety of sources, in the hope that we can cause the application to
fail or to perform in unexpected ways
MiniFuzz File Fuzzer
A tool developed by Microsoft to find flaws in file-handling source code
BinScope Binary Analyzer
A tool developed by Microsoft to examine source code for general good practices
, SDL Regex Fuzzer
A tool developed by Microsoft for testing certain pattern-matching expressions for
potential vulnerabilities
good sources of secure coding guidelines
CERT, NIST 800, BSI, an organization's internal coding guidelines
OS hardening
the process of reducing the number of available avenues through which our OS might
be attacked
attack surface
The total of the areas through which our operating system might be attacked
6 main hardening categories
1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions
Principle of Least Privilege
states we should only allow a party the absolute minimum permission needed for it to
carry out its function
stuxnet
A particularly complex and impactful item of malware that targeted the Supervisory
Control and Data Acquisition (SCADA) systems that run various industrial processes;
this piece of malware raised the bar for malware from largely being a virtual-based
attack to actually being physically destructive
anti-malware tool
A type of tool that uses signature matching or anomaly detection (heuristics) to detect
malware threats, either in real-time or by performing scans of files and processes
heuristics
the process of anomaly detection used by anti-malware tools to detect malware without
signatures
executable space protection
A hardware and software-based technology that prevents certain portions of the
memory used by the operating system and applications from being used to execute
code
buffer overflow (overrun)
The act of inputting more data than an application is expecting from a particular input,
creating the possibility of executing commands by specifically crafting the excess data
ASLR (Address Space Layout Randomization)
a security method that involves shifting the contents of memory around to make
tampering difficult
software firewall
This type of firewall generally contains a subset of the features on a large firewall
appliance but is often capable of similar packet filtering and stateful packet inspection
activities
HIDS (host-based intrusion detection system)
LATEST UPDATE
bounds checking
to set a limit on the amount of data we expect to receive to set aside storage for that
data
*required in most programming languages
* prevents buffer overflows
race conditions
A type of software development vulnerability that occurs when multiple processes or
multiple threads within a process control or share access to a particular resource, and
the correct handling of that resource depends on the proper ordering or timing of
transactions
input validation
a type of attack that can occur when we fail to validate the input to our applications or
take steps to filter out unexpected or undesirable content
format string attack
a type of input validation attacks in which certain print functions within a programming
language can be used to manipulate or view the internal memory of an application
authentication attack
A type of attack that can occur when we fail to use strong authentication mechanisms
for our applications
authorization attack
A type of attack that can occur when we fail to use authorization best practices for our
applications
cryptographic attack
A type of attack that can occur when we fail to properly design our security mechanisms
when implementing cryptographic controls in our applications
client-side attack
A type of attack that takes advantage of weaknesses in the software loaded on client
machines or one that uses social engineering techniques to trick us into going along
with the attack
XSS (Cross Site Scripting)
an attack carried out by placing code in the form of a scripting language into a web page
or other media that is interpreted by a client browser
XSRF (cross-site request forgery)
an attack in which the attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another web page or application
where the user is currently authenticated
SQL Injection Attack
,Attacks against a web site that take advantage of vulnerabilities in poorly coded SQL (a
standard and common database software application) applications in order to introduce
malicious program code into a company's systems and networks.
clickjacking
An attack that takes advantage of the graphical display capabilities of our browser to
trick us into clicking on something we might not otherwise
server-side attack
A type of attack on the web server that can target vulnerabilities such as lack of input
validation, improper or inadequate permissions, or extraneous files left on the server
from the development process
Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation
Name the 4 main categories of database security issues
web application analysis tool
A type of tool that analyzes web pages or web-based applications and searches for
common flaws such as XSS or SQL injection flaws, and improperly set permissions,
extraneous files, outdated software versions, and many more such items
protocol issues
unauthenticated flaws in network protocols, authenticated flaws in network protocols,
flaws in authentication protocols
arbitrary code execution
An attack that exploits an applications vulnerability into allowing the attacker to execute
commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation
An attack that exploits a vulnerability in software to gain access to resources that the
user normally would be restricted from accessing.
* via SQL injection or local issues
validating user inputs
a security best practice for all software
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto)
A web server analysis tool that performs checks for many common server-side
vulnerabilities & creates an index of all the files and directories it can see on the target
web server (a process known as spidering)
burp suite
A well-known GUI web analysis tool that offers a free and professional version; the pro
version includes advanced tools for conducting more in-depth attacks
fuzzer
A type of tool that works by bombarding our applications with all manner of data and
inputs from a wide variety of sources, in the hope that we can cause the application to
fail or to perform in unexpected ways
MiniFuzz File Fuzzer
A tool developed by Microsoft to find flaws in file-handling source code
BinScope Binary Analyzer
A tool developed by Microsoft to examine source code for general good practices
, SDL Regex Fuzzer
A tool developed by Microsoft for testing certain pattern-matching expressions for
potential vulnerabilities
good sources of secure coding guidelines
CERT, NIST 800, BSI, an organization's internal coding guidelines
OS hardening
the process of reducing the number of available avenues through which our OS might
be attacked
attack surface
The total of the areas through which our operating system might be attacked
6 main hardening categories
1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions
Principle of Least Privilege
states we should only allow a party the absolute minimum permission needed for it to
carry out its function
stuxnet
A particularly complex and impactful item of malware that targeted the Supervisory
Control and Data Acquisition (SCADA) systems that run various industrial processes;
this piece of malware raised the bar for malware from largely being a virtual-based
attack to actually being physically destructive
anti-malware tool
A type of tool that uses signature matching or anomaly detection (heuristics) to detect
malware threats, either in real-time or by performing scans of files and processes
heuristics
the process of anomaly detection used by anti-malware tools to detect malware without
signatures
executable space protection
A hardware and software-based technology that prevents certain portions of the
memory used by the operating system and applications from being used to execute
code
buffer overflow (overrun)
The act of inputting more data than an application is expecting from a particular input,
creating the possibility of executing commands by specifically crafting the excess data
ASLR (Address Space Layout Randomization)
a security method that involves shifting the contents of memory around to make
tampering difficult
software firewall
This type of firewall generally contains a subset of the features on a large firewall
appliance but is often capable of similar packet filtering and stateful packet inspection
activities
HIDS (host-based intrusion detection system)
