WGU D 385 So ftware Security and Testing Exam 2024 New Latest Updated Version w ith All Questions and 100% C orrect Answers What is CORS? --------- Correct Answer ---------- CORS (cross origin resource sharing) is a way to relax the browsers SOP (same origin policy - ensures certain resources are accessible only to documents with the same origin) What is the difference between the intentions of CORS and CSRF resistance? --------- Correct Answer ---------- The purpose of CSRF (cross site request forgery) resistance is to reject unintentional malicious requests for the sake of safety. The purpose of CORS is accept intentional requests for feature functionality.. relaxes the SOP. Which security vulnerability is shown? A. Man -in-the-middle B. Cross -site scripting C. Denial of service D. Code injection --------- Correct Answer --------- A. Man -in-the-middle Consider the following assertion statement: def authorizeAdmin(usr): assert isinstance(usr, list) and usr != [], "No user found" assert 'admin' in usr, "No admin found." print("You are granted full access to the application.") If __name__ == '__main__': authorizeAdmin(['user']) What should be the response after running the code? A. AssertionError: No admin found B. AssertionError: No user found C. Authorized User D. You are granted full access to the application --------- Correct Answer --------- A. AssertionError: No admin found A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts. Which vulnerability did the security analyst encounter? A. Broken access control B. Broken function level authorization C. API mass assignment D. Privilege escalation --------- Correct Answer --------- A. Broken access control Which method is used for a SQL injection attack? ---------- Correct Answer ---------- - exploiting query parameters What does cross -origin resource sharing (CORS) allow users to do? ---------- Correct Answer ---------- - Override same starting policy for specific resources Which protocol caches a token after it has been acquired? ---------- Correct Answer ------
---- - MSAL When creating a new user, an administrator must submit the following fields to an API endpoint: Name Email Address Password IsAdmin What is the best way to ensure the API is protected against privilege escalation? A. Implement resource and field -level access control B. Ensure incoming requests are rate limited C. Remove IsAdmin from the endpoint D. Encrypt the incoming request --------- Correct Answer --------- A. Implement resource and field -level access control Which method is used for a SQL injection attack? A. Exploiting query parameters B. Passing safe query parameters C. Using SQL composition D. Utilizing literal parameters --------- Correct Answer --------- A. Exploiting query parameters What does cross -origin resource sharing (CORS) allow users to do? A. Override same starting policy for specific resources B. Connect web security models C. Prevent the passing of credentials D. Protect the client header from exposure --------- Correct Answer --------- A. Override same starting policy for specific resources Which protocol caches a token after it has been acquired? A. MSAL B. Auth0 C. LDAP D. ACL --------- Correct Answer --------- A. MSAL Consider the following API code snippet: import requests url = 'https://website.com/' # Get request result = requests.get(url) # Print request print(result.content.decode()) Which status code will the server return? A. 403 B. 200 C. 401 D. 400 --------- Correct Answer --------- A. 403 The user submits the following request to an API endpoint that requires a header: import requests url = 'https://api.github.com/invalid' try: request_response = requests.get(url) # If the response was successful, no Exception will be raised request_response.raise_for_status() except Exception as err: print(f'Other error occurred: {err}') else: print('Success!') Which response code will the user most likely be presented with? A. 404—"Not found" B. 200—"OK" C. 400—"Bad request" D. 401—"Unauthorized" --------- Correct Answer --------- A. 404—"Not found" What is the primary defense against log injection attacks? A. Sanitize outbound log messages B. Do not use parameterized stored procedures in the database C. Allow all users to write to these logs D. Use API calls to log actions --------- Correct Answer --------- A. Sanitize outbound log messages An attacker exploits a cross -site scripting vulnerability. What is the attacker able to do? A. Access the user's data B. Execute a shell command or script C. Discover other users' credentials D. Gain access to sensitive files on the server --------- Correct Answer --------- A. Access the user's data Which Python function is prone to a potential code injection attack? A. eval() B. type() C. print() D. append() --------- Correct Answer --------- A. eval() What are two common defensive coding techniques? A. Check functional preconditions and postconditions B. Encrypt passwords and email submissions C. Adjust length and encoding of messages D. Develop code with exceptions to find errors --------- Correct Answer --------- A. Check functional preconditions and postconditions Which package is meant for internal use by Python for regression testing? A. test B. regress test C. doctest D. assert --------- Correct Answer --------- A. test A security analyst is reviewing code for improper input validation. Which type of input validation does this code show? isValidNumber = False while not isValidNumber: try: pickedNumber = int(input('Pick a number from 1 to 10')) if pickedNumber >= 1 and pickedNumber <= 10: isValidNumber = True except: print('You must enter a valid number from 1 to 10') print('You picked the number ' + str(pickedNumber))
Alle Vorteile der Zusammenfassungen von Stuvia auf einen Blick:
Garantiert gute Qualität durch Reviews
Stuvia Verkäufer haben mehr als 700.000 Zusammenfassungen beurteilt. Deshalb weißt du dass du das beste Dokument kaufst.
Schnell und einfach kaufen
Man bezahlt schnell und einfach mit iDeal, Kreditkarte oder Stuvia-Kredit für die Zusammenfassungen. Man braucht keine Mitgliedschaft.
Konzentration auf den Kern der Sache
Deine Mitstudenten schreiben die Zusammenfassungen. Deshalb enthalten die Zusammenfassungen immer aktuelle, zuverlässige und up-to-date Informationen. Damit kommst du schnell zum Kern der Sache.
Häufig gestellte Fragen
Was bekomme ich, wenn ich dieses Dokument kaufe?
Du erhältst eine PDF-Datei, die sofort nach dem Kauf verfügbar ist. Das gekaufte Dokument ist jederzeit, überall und unbegrenzt über dein Profil zugänglich.
Zufriedenheitsgarantie: Wie funktioniert das?
Unsere Zufriedenheitsgarantie sorgt dafür, dass du immer eine Lernunterlage findest, die zu dir passt. Du füllst ein Formular aus und unser Kundendienstteam kümmert sich um den Rest.
Wem kaufe ich diese Zusammenfassung ab?
Stuvia ist ein Marktplatz, du kaufst dieses Dokument also nicht von uns, sondern vom Verkäufer johnwachi22. Stuvia erleichtert die Zahlung an den Verkäufer.
Werde ich an ein Abonnement gebunden sein?
Nein, du kaufst diese Zusammenfassung nur für 21,74 €. Du bist nach deinem Kauf an nichts gebunden.
