C725 WGU CISSP Study Guide 8th Edition Quizzes

C725 WGU CISSP Study Guide 8th Edition Quizzes Signature Detection Signature detection mechanisms use known descriptions of viruses to identify malicious code resident on a system. Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code - answerWhat is the most commonly used technique to protect against virus attacks? A Signature detection B Automated reconstruction C Data integrity assurance D Heuristic detection Backdoor Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions. Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Application Attacks - answerBen's system was infected by malicious code that modified the operating system to allow the malicious code author to gain access to his files. What type of exploit did this attacker engage in? A Escalation of privilege B Back door C Rootkit D Buffer overflow Buffer Overflow Buffer overflow attacks allow an attacker to modify the contents of a system's memory by writing beyond the space allocated for a variable. Domain 3: Security Architecture and Engineering 3.6 Assess and mitigate vulnerabilities in web-based systems Application Attacks - answerWhat type of application vulnerability most directly allows an attacker to modify the contents of a system's memory? A TOC/TOU B Back door C Rootkit D Buffer overflow Reflected Input Cross-site scripting attacks are successful only against web applications that include reflected input. Domain 8: Software Development Security 8.5 Define and apply secure coding guidelines and standards Web App Security - answerWhat condition is necessary on a web page for it to be used in a cross-site scripting attack? A .NET technology B Database-driven content C Reflected input D CGI scripts Stuxnet Stuxnet was a highly sophisticated worm designed to destroy nuclear enrichment centrifuges attached to Siemens controllers. 3.0 Domain 3: Security Architecture and Engineering 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements Malicious Code - answerWhat worm was the first to cause major physical damage to a facility? A Melissa B RTM C Stuxnet D Code Red DMZ (demilitarized zone) The DMZ (demilitarized zone) is designed to house systems like web servers that must be accessible from both the internal and external ne