WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Bounds checking - ANSWER: to set a limit on the amount of data we
expect to receive to set aside storage for that data
*required in most programming languages
* prevents buffer overflows
*()))($))(
)%)(&*^
Race conditions - ANSWER: A type of software development &^%$!#
vulnerability that occurs when multiple processes or multiple threads &T&^$*
&*&*($(
within a process control or share access to a particular resource, and *(%*(*(
the correct handling of that resource depends on the proper ordering %^*(*(^(
(^(*(^(*(
or timing of transactions
^(*(^*(*
(^*(*(*^
&*(*(^(*
(%$*&*
Input validation - ANSWER: a type of attack that can occur when we ^&&^%*
fail to validate the input to our applications or take steps to filter out &(*%(*
unexpected or undesirable content %
Format string attack - ANSWER: a type of input validation attacks in
which certain print functions within a programming language can be
used to manipulate or view the internal memory of an application
Authentication attack - ANSWER: A type of attack that can occur
when we fail to use strong authentication mechanisms for our
applications
, WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Authorization attack - ANSWER: A type of attack that can occur
when we fail to use authorization best practices for our applications
Cryptographic attack - ANSWER: A type of attack that can occur *()))($))(
when we fail to properly design our security mechanisms when )%)(&*^
&^%$!#
implementing cryptographic controls in our applications &T&^$*
&*&*($(
*(%*(*(
%^*(*(^(
Client-side attack - ANSWER: A type of attack that takes advantage (^(*(^(*(
of weaknesses in the software loaded on client machines or one that ^(*(^*(*
(^*(*(*^
uses social engineering techniques to trick us into going along with the
&*(*(^(*
attack (%$*&*
^&&^%*
&(*%(*
%
XSS (Cross Site Scripting) - ANSWER: an attack carried out by
placing code in the form of a scripting language into a web page or
other media that is interpreted by a client browser
XSRF (cross-site request forgery) - ANSWER: an attack in which the
attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another web
page or application where the user is currently authenticated
, WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Clickjacking - ANSWER: An attack that takes advantage of the
graphical display capabilities of our browser to trick us into clicking on
something we might not otherwise
Server-side attack - ANSWER: A type of attack on the web server
*()))($))(
that can target vulnerabilities such as lack of input validation, improper )%)(&*^
or inadequate permissions, or extraneous files left on the server from &^%$!#
the development process
&T&^$*
&*&*($(
*(%*(*(
%^*(*(^(
(^(*(^(*(
Protocol issues, unauthenticated access, arbitrary code execution, and
^(*(^*(*
privilege escalation - ANSWER: Name the 4 main categories of (^*(*(*^
database security issues &*(*(^(*
(%$*&*
^&&^%*
&(*%(*
Web application analysis tool - ANSWER: A type of tool that analyzes %
web pages or web-based applications and searches for common flaws
such as XSS or SQL injection flaws, and improperly set permissions,
extraneous files, outdated software versions, and many more such
items
Protocol issues - ANSWER: unauthenticated flaws in network
protocols, authenticated flaws in network protocols, flaws in
authentication protocols
, WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Arbitrary code execution - ANSWER: An attack that exploits an
applications vulnerability into allowing the attacker to execute
commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
*()))($))(
)%)(&*^
&^%$!#
Privilege Escalation - ANSWER: An attack that exploits a vulnerability &T&^$*
&*&*($(
in software to gain access to resources that the user normally would be *(%*(*(
restricted from accessing. %^*(*(^(
(^(*(^(*(
* via SQL injection or local issues ^(*(^*(*
(^*(*(*^
&*(*(^(*
(%$*&*
Validating user inputs - ANSWER: a security best practice for all ^&&^%*
&(*%(*
software %
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - ANSWER: A web server analysis tool that
performs checks for many common server-side vulnerabilities &
creates an index of all the files and directories it can see on the
target web server (a process known as spidering)
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Bounds checking - ANSWER: to set a limit on the amount of data we
expect to receive to set aside storage for that data
*required in most programming languages
* prevents buffer overflows
*()))($))(
)%)(&*^
Race conditions - ANSWER: A type of software development &^%$!#
vulnerability that occurs when multiple processes or multiple threads &T&^$*
&*&*($(
within a process control or share access to a particular resource, and *(%*(*(
the correct handling of that resource depends on the proper ordering %^*(*(^(
(^(*(^(*(
or timing of transactions
^(*(^*(*
(^*(*(*^
&*(*(^(*
(%$*&*
Input validation - ANSWER: a type of attack that can occur when we ^&&^%*
fail to validate the input to our applications or take steps to filter out &(*%(*
unexpected or undesirable content %
Format string attack - ANSWER: a type of input validation attacks in
which certain print functions within a programming language can be
used to manipulate or view the internal memory of an application
Authentication attack - ANSWER: A type of attack that can occur
when we fail to use strong authentication mechanisms for our
applications
, WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Authorization attack - ANSWER: A type of attack that can occur
when we fail to use authorization best practices for our applications
Cryptographic attack - ANSWER: A type of attack that can occur *()))($))(
when we fail to properly design our security mechanisms when )%)(&*^
&^%$!#
implementing cryptographic controls in our applications &T&^$*
&*&*($(
*(%*(*(
%^*(*(^(
Client-side attack - ANSWER: A type of attack that takes advantage (^(*(^(*(
of weaknesses in the software loaded on client machines or one that ^(*(^*(*
(^*(*(*^
uses social engineering techniques to trick us into going along with the
&*(*(^(*
attack (%$*&*
^&&^%*
&(*%(*
%
XSS (Cross Site Scripting) - ANSWER: an attack carried out by
placing code in the form of a scripting language into a web page or
other media that is interpreted by a client browser
XSRF (cross-site request forgery) - ANSWER: an attack in which the
attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another web
page or application where the user is currently authenticated
, WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Clickjacking - ANSWER: An attack that takes advantage of the
graphical display capabilities of our browser to trick us into clicking on
something we might not otherwise
Server-side attack - ANSWER: A type of attack on the web server
*()))($))(
that can target vulnerabilities such as lack of input validation, improper )%)(&*^
or inadequate permissions, or extraneous files left on the server from &^%$!#
the development process
&T&^$*
&*&*($(
*(%*(*(
%^*(*(^(
(^(*(^(*(
Protocol issues, unauthenticated access, arbitrary code execution, and
^(*(^*(*
privilege escalation - ANSWER: Name the 4 main categories of (^*(*(*^
database security issues &*(*(^(*
(%$*&*
^&&^%*
&(*%(*
Web application analysis tool - ANSWER: A type of tool that analyzes %
web pages or web-based applications and searches for common flaws
such as XSS or SQL injection flaws, and improperly set permissions,
extraneous files, outdated software versions, and many more such
items
Protocol issues - ANSWER: unauthenticated flaws in network
protocols, authenticated flaws in network protocols, flaws in
authentication protocols
, WGU C836 MULTI/COMPREHENSIVE
FINAL EXAM REVIEW. CONTAINS 242
QUESTIONS AND CORRECT ANSWERS
(100% CORRECT ANSWERS) GRADED A+
Arbitrary code execution - ANSWER: An attack that exploits an
applications vulnerability into allowing the attacker to execute
commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
*()))($))(
)%)(&*^
&^%$!#
Privilege Escalation - ANSWER: An attack that exploits a vulnerability &T&^$*
&*&*($(
in software to gain access to resources that the user normally would be *(%*(*(
restricted from accessing. %^*(*(^(
(^(*(^(*(
* via SQL injection or local issues ^(*(^*(*
(^*(*(*^
&*(*(^(*
(%$*&*
Validating user inputs - ANSWER: a security best practice for all ^&&^%*
&(*%(*
software %
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - ANSWER: A web server analysis tool that
performs checks for many common server-side vulnerabilities &
creates an index of all the files and directories it can see on the
target web server (a process known as spidering)
