SECURITY ISSUES OBJECTIVE ASSESSMENT NEWEST
2024 ACTUAL EXAM TEST BANK 200 QUESTIONS AND
CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) |
ALREADY GRADED A+
What are some common debugging techniques? - ANSWER: - printing out values of
variables
- changing the state ("path") of the program to make it do different things
- stepping through the execution of a program line by line
- breakpoints
- trace points
- stopping the program at certain events
- viewing the output of a program in a debugger window
What are some Python debugging tools? - ANSWER: - pdb: most commonly used
- Web-PDB
- wdb
- Pyflame
- objgraph
XML External Entity Attacks - ANSWER: - XXE
- when attackers exploit an XML parser to read arbitrary files on your server
- attackers might also be able to read config files, retrieve user information
Insecure Deserialization - ANSWER: - serialization is the conversion of an object in a
programming language into a format that can be saved to a database
- DEserialization is when a serialized object is read from a file or the network and
converted back into an object
- INSECURE DESERIALIZATION occurs when an attacker can manipulate the serialized
object and achieve authentication bypass, DOS, or arbitrary code execution
Injection Attacks - ANSWER: - when an application cannot properly distinguish
between untrusted user data and code
- typically allows for arbitrary code execution
SQL Injection Attack Mitigation - ANSWER: - use parameterized statements
Log Injection Attack Mitigation - ANSWER: - prefixing log entries with meta-data (i.e.
timestamp)
- validate the entry before accessing or opening
Sensitive Data Leaks - ANSWER: - occurs when an application fails to properly protect
sensitive information
- this typically occurs through descriptive response headers, descriptive error
messages with stack traces or database error messages, or revealing comments in
HTML files
Cross-site Request Forgery - ANSWER: - client-side technique used to attack other
users of a web application
- attackers send HTTP requests that pretend to come from the victim
- attackers then carry out unwanted actions such as changing a password or
transferring money from a bank account
CSRF Mitigation - ANSWER: - CSRF tokens
- SameSite cookies
- avoid using GET requests for state-changing actions
SSRF - ANSWER: - Server-side Request Forgery
- attacker is able to send requests on behalf of the server
- allows attackers to forge the request signature and assume a privileged position on
a network, bypass firewall controls, and gain access to internal services
SSRF Mitigation - ANSWER: - never make outbound requests based on user input
- validate external addresses before initiating any outbound requests
PDB - ANSWER: - debugger built into the Python standard library
Which three actions are supported by the Python Debugger (PDB)? (Choose 3
answers.) - ANSWER: - establishing breakpoints
- code step throughs
- stack tracing
Which three debugging techniques require the use of a debugger? (Choose 3
answers.) - ANSWER: - trace points
- breakpoints
- code step through
What do system monitoring and review of audit trails provide? - ANSWER: - Accountability
What are the logging levels and values? - ANSWER: - DEBUG = 10
- INFO = 20
- WARNING = 30
- ERROR = 40
- CRITICAL = 50
Which logging function may indicate an impending full disk? - ANSWER: - WARNING
- indicates that there could be a problem in the immediate future