Exam (elaborations)
C836/D430 WGU FUNDAMENTALS OF INFORMATION SECURITY 2025 WITH ACTUAL QUESTIONS AND CORRECT ANSWERS
- Course
- Institution
C836/D430 WGU FUNDAMENTALS OF INFORMATION SECURITY 2025 WITH ACTUAL QUESTIONS AND CORRECT ANSWERS
[Show more]
Content preview
C836/D430 WGU FUNDAMENTALS OFINFORMATION SECURITY 2025 WITH
ACTUAL QUESTIONS AND CORRECT
ANSWERS
bounds checking - CORRECT ANSWER-to set a limit on the amount of data we
expect to receive to set aside storage for that data
*required in most programming languages
* prevents buffer overflows
race conditions - CORRECT ANSWER-A type of software development
vulnerability that occurs when multiple processes or multiple threads within a
process control or share access to a particular resource, and the correct
handling of that resource depends on the proper ordering or timing of
transactions
input validation - CORRECT ANSWER-a type of attack that can occur when we
fail to validate the input to our applications or take steps to filter out
unexpected or undesirable content
format string attack - CORRECT ANSWER-a type of input validation attacks in
which certain print functions within a programming language can be used to
manipulate or view the internal memory of an application
authentication attack - CORRECT ANSWER-A type of attack that can occur when
we fail to use strong authentication mechanisms for our applications
,authorization attack - CORRECT ANSWER-A type of attack that can occur when
we fail to use authorization best practices for our applications
cryptographic attack - CORRECT ANSWER-A type of attack that can occur when
we fail to properly design our security mechanisms when implementing
cryptographic controls in our applications
client-side attack - CORRECT ANSWER-A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that uses social
engineering techniques to trick us into going along with the attack
XSS (Cross Site Scripting) - CORRECT ANSWER-an attack carried out by placing
code in the form of a scripting language into a web page or other media that is
interpreted by a client browser
XSRF (cross-site request forgery) - CORRECT ANSWER-an attack in which the
attacker places a link on a web page in such a way that it will be automatically
executed to initiate a particular activity on another web page or application
where the user is currently authenticated
SQL Injection Attack - CORRECT ANSWER-Attacks against a web site that take
advantage of vulnerabilities in poorly coded SQL (a standard and common
database software application) applications in order to introduce malicious
program code into a company's systems and networks.
clickjacking - CORRECT ANSWER-An attack that takes advantage of the graphical
display capabilities of our browser to trick us into clicking on something we
might not otherwise
,server-side attack - CORRECT ANSWER-A type of attack on the web server that
can target vulnerabilities such as lack of input validation, improper or
inadequate permissions, or extraneous files left on the server from the
development process
Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation - CORRECT ANSWER-Name the 4 main categories of database
security issues
web application analysis tool - CORRECT ANSWER-A type of tool that analyzes
web pages or web-based applications and searches for common flaws such as
XSS or SQL injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
protocol issues - CORRECT ANSWER-unauthenticated flaws in network
protocols, authenticated flaws in network protocols, flaws in authentication
protocols
arbitrary code execution - CORRECT ANSWER-An attack that exploits an
applications vulnerability into allowing the attacker to execute commands on a
user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation - CORRECT ANSWER-An attack that exploits a vulnerability
in software to gain access to resources that the user normally would be
restricted from accessing.
* via SQL injection or local issues
validating user inputs - CORRECT ANSWER-a security best practice for all
software
* the most effective way of mitigating SQL injection attacks
, Nikto (and Wikto) - CORRECT ANSWER-A web server analysis tool that performs
checks for many common server-side vulnerabilities & creates an index of all
the files and directories it can see on the target web server (a process known as
spidering)
good sources of secure coding guidelines - CORRECT ANSWER-CERT, NIST 800,
BSI, an organization's internal coding guidelines
OS hardening - CORRECT ANSWER-the process of reducing the number of
available avenues through which our OS might be attacked
attack surface - CORRECT ANSWER-The total of the areas through which our
operating system might be attacked
6 main hardening categories - CORRECT ANSWER-1. Removing unnecessary
software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions
Principle of Least Privilege - CORRECT ANSWER-states we should only allow a
party the absolute minimum permission needed for it to carry out its function
stuxnet - CORRECT ANSWER-A particularly complex and impactful item of
malware that targeted the Supervisory Control and Data Acquisition (SCADA)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Doctordih. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $19.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
64232 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 15 years now