2024 ACTUAL EXAM TEST BANK 200 QUESTIONS AND CORRECT DETAILED ANSWERS
What is the primary defense against log injection attacks? - (ANSWER)Sanitize outbound log messages
An attacker exploits a cross-site scripting vulnerability. What is the attacker able to do? - (ANSWER)Access the user's data
Which Python function is prone to a potential code injection attack? - (ANSWER)eval()
What are two common defensive coding techniques? - (ANSWER)Check functional and preconditions and postconditions
Which package is meant for internal use by Python for regression testing? - (ANSWER)test
A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts. Which vulnerability did the security analyst encounter? - (ANSWER)Broken access control
When creating a new user, an administrator must submit the following fields to an API endpoint:
Name
Email Address
Password
IsAdmin
What is the best way to ensure the API is protected against privilege escalation? - (ANSWER)Implement resource and field-level access control
Which method is used for a SQL injection attack? - (ANSWER)Exploiting query parameters
What does cross-origin resource sharing (CORS) allow users to do? - (ANSWER)Override the same-origin policy for specific resources
Which protocol caches a token after it has been acquired? - (ANSWER)MSAL
Which response method, when sent a request, returns information about the server's response and is delivered back to the console? - (ANSWER)response.content
Status Codes - (ANSWER)- 200 = OK
- 201 = CREATED
- 400 = BAD REQUEST
- 401 = UNAUTHORIZED
- 403 = FORBIDDEN
- 404 = NOT FOUND
- 405 = METHOD NOT ALLOWED
- 500 = INTERNAL SERVER ERROR
What is best for input validation? - (ANSWER)type(): The type() function is used to determine the type of an object. While it's not typically used for input validation directly, it can be used to check the type of user input to ensure it matches the expected data type (e.g., checking if an input is an integer or a string).
Prevent log injection - (ANSWER)validate()
A user masquerades as other users. What type of attack was used? - (ANSWER)Cross Site Scripting
What is returned when using response.content? - (ANSWER)Returns the raw binary content of the HTTP response as bytes.
What can an attacker do with a log injection attack? - (ANSWER)Injection of commands a parser can execute
Which software testing relies on using old test cases? - (ANSWER)Regression testing
When should regression testing be conducted? - (ANSWER)After some code changes
Access-Control-Allow-Origin: a client at www.client.url sends a request to the server. What does the server send back? - (ANSWER)ACAO client.url
Types of illegal alcohol sales - (ANSWER)-underage
-third party
-visibly intoxicated
Common negligence laws - (ANSWER)-not specific to alcohol sales
-can be applied to illegal alcohol sales
-based on prior court cases
-set a standard for what a reasonable person would do to prevent a problem
-exist in every jurisdiction
Dram shop liability laws - (ANSWER)-specific to alcohol sales
-apply only to licensees and their employees
-explain expectations for preventing illegal alcohol sales
-may set monetary limits for financial judgements in lawsuits
-exist in some but not all jurisdictions
Penalties for underage alcohol sales include - (ANSWER)-fines
-arrest
-jail time
-financial judgements