100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
C836 WGU COMPLETE all Questions & answers solved accurately with Complete Solution Graded A+ latest version CA$18.81   Add to cart

Exam (elaborations)

C836 WGU COMPLETE all Questions & answers solved accurately with Complete Solution Graded A+ latest version

 0 view  0 purchase

C836 WGU COMPLETE all Questions & answers solved accurately with Complete Solution Graded A+ latest version

Preview 3 out of 22  pages

  • July 6, 2024
  • 22
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
All documents for this subject (202)
avatar-seller
TUTORSON
C836 WGU COMPLETE


bounds checking - CORRECT ANSWER-to set a limit on the amount of data we expect
to receive to set aside storage for that data
*required in most programming languages
* prevents buffer overflows

race conditions - CORRECT ANSWER-A type of software development vulnerability
that occurs when multiple processes or multiple threads within a process control or
share access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions

input validation - CORRECT ANSWER-a type of attack that can occur when we fail to
validate the input to our applications or take steps to filter out unexpected or undesirable
content

format string attack - CORRECT ANSWER-a type of input validation attacks in which
certain print functions within a programming language can be used to manipulate or
view the internal memory of an application

authentication attack - CORRECT ANSWER-A type of attack that can occur when we
fail to use strong authentication mechanisms for our applications

authorization attack - CORRECT ANSWER-A type of attack that can occur when we fail
to use authorization best practices for our applications

cryptographic attack - CORRECT ANSWER-A type of attack that can occur when we
fail to properly design our security mechanisms when implementing cryptographic
controls in our applications

client-side attack - CORRECT ANSWER-A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that uses social
engineering techniques to trick us into going along with the attack

XSS (Cross Site Scripting) - CORRECT ANSWER-an attack carried out by placing code
in the form of a scripting language into a web page or other media that is interpreted by
a client browser

,XSRF (cross-site request forgery) - CORRECT ANSWER-an attack in which the
attacker places a link on a web page in such a way that it will be automatically executed
to initiate a particular activity on another web page or application where the user is
currently authenticated

clickjacking - CORRECT ANSWER-An attack that takes advantage of the graphical
display capabilities of our browser to trick us into clicking on something we might not
otherwise

server-side attack - CORRECT ANSWER-A type of attack on the web server that can
target vulnerabilities such as lack of input validation, improper or inadequate
permissions, or extraneous files left on the server from the development process

Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation - CORRECT ANSWER-Name the 4 main categories of database security
issues

web application analysis tool - CORRECT ANSWER-A type of tool that analyzes web
pages or web-based applications and searches for common flaws such as XSS or SQL
injection flaws, and improperly set permissions, extraneous files, outdated software
versions, and many more such items

protocol issues - CORRECT ANSWER-unauthenticated flaws in network protocols,
authenticated flaws in network protocols, flaws in authentication protocols

arbitrary code execution - CORRECT ANSWER-An attack that exploits an applications
vulnerability into allowing the attacker to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements

Privilege Escalation - CORRECT ANSWER-An attack that exploits a vulnerability in
software to gain access to resources that the user normally would be restricted from
accessing.
* via SQL injection or local issues

validating user inputs - CORRECT ANSWER-a security best practice for all software
* the most effective way of mitigating SQL injection attacks

, Nikto (and Wikto) - CORRECT ANSWER-A web server analysis tool that performs
checks for many common server-side vulnerabilities & creates an index of all the files
and directories it can see on the target web server (a process known as spidering)

burp suite - CORRECT ANSWER-A well-known GUI web analysis tool that offers a free
and professional version; the pro version includes advanced tools for conducting more
in-depth attacks

fuzzer - CORRECT ANSWER-A type of tool that works by bombarding our applications
with all manner of data and inputs from a wide variety of sources, in the hope that we
can cause the application to fail or to perform in unexpected ways

MiniFuzz File Fuzzer - CORRECT ANSWER-A tool developed by Microsoft to find flaws
in file-handling source code

BinScope Binary Analyzer - CORRECT ANSWER-A tool developed by Microsoft to
examine source code for general good practices

SDL Regex Fuzzer - CORRECT ANSWER-A tool developed by Microsoft for testing
certain pattern-matching expressions for potential vulnerabilities

good sources of secure coding guidelines - CORRECT ANSWER-CERT, NIST 800,
BSI, an organization's internal coding guidelines

OS hardening - CORRECT ANSWER-the process of reducing the number of available
avenues through which our OS might be attacked

attack surface - CORRECT ANSWER-The total of the areas through which our
operating system might be attacked

6 main hardening categories - CORRECT ANSWER-1. Removing unnecessary
software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions

Principle of Least Privilege - CORRECT ANSWER-states we should only allow a party
the absolute minimum permission needed for it to carry out its function

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller TUTORSON. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$18.81. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

78075 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$18.81
  • (0)
  Add to cart