100% de satisfacción garantizada Inmediatamente disponible después del pago Tanto en línea como en PDF No estas atado a nada
logo-home
WGU D385 Software Security and Testing Exam 2024 New Latest Updated Version with All Questions and 100% Correct Answers 21,74 €   Añadir al carrito

Examen

WGU D385 Software Security and Testing Exam 2024 New Latest Updated Version with All Questions and 100% Correct Answers

1 revisar
 136 vistas  3 veces vendidas
  • Grado
  • WGU D385 Software Security and Testing
  • Institución
  • WGU D385 Software Security And Testing

WGU D385 Software Security and Testing Exam 2024 New Latest Updated Version with All Questions and 100% Correct Answers

Vista previa 4 fuera de 37  páginas

  • 3 de marzo de 2024
  • 37
  • 2023/2024
  • Examen
  • Preguntas y respuestas
  • WGU D385 Software Security and Testing
  • WGU D385 Software Security and Testing

1  revisar

review-writer-avatar

Por: cmcgi22 • 1 mes hace

avatar-seller
WGU D 385 So ftware Security and Testing Exam 2024 New Latest Updated Version w ith All Questions and 100% C orrect Answers What is CORS? --------- Correct Answer ---------- CORS (cross origin resource sharing) is a way to relax the browsers SOP (same origin policy - ensures certain resources are accessible only to documents with the same origin) What is the difference between the intentions of CORS and CSRF resistance? --------- Correct Answer ---------- The purpose of CSRF (cross site request forgery) resistance is to reject unintentional malicious requests for the sake of safety. The purpose of CORS is accept intentional requests for feature functionality.. relaxes the SOP. Which security vulnerability is shown? A. Man -in-the-middle B. Cross -site scripting C. Denial of service D. Code injection --------- Correct Answer --------- A. Man -in-the-middle Consider the following assertion statement: def authorizeAdmin(usr): assert isinstance(usr, list) and usr != [], "No user found" assert 'admin' in usr, "No admin found." print("You are granted full access to the application.") If __name__ == '__main__': authorizeAdmin(['user']) What should be the response after running the code? A. AssertionError: No admin found B. AssertionError: No user found C. Authorized User D. You are granted full access to the application --------- Correct Answer --------- A. AssertionError: No admin found A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts. Which vulnerability did the security analyst encounter? A. Broken access control B. Broken function level authorization C. API mass assignment D. Privilege escalation --------- Correct Answer --------- A. Broken access control Which method is used for a SQL injection attack? ---------- Correct Answer ---------- - exploiting query parameters What does cross -origin resource sharing (CORS) allow users to do? ---------- Correct Answer ---------- - Override same starting policy for specific resources Which protocol caches a token after it has been acquired? ---------- Correct Answer ------
---- - MSAL When creating a new user, an administrator must submit the following fields to an API endpoint: Name Email Address Password IsAdmin What is the best way to ensure the API is protected against privilege escalation? A. Implement resource and field -level access control B. Ensure incoming requests are rate limited C. Remove IsAdmin from the endpoint D. Encrypt the incoming request --------- Correct Answer --------- A. Implement resource and field -level access control Which method is used for a SQL injection attack? A. Exploiting query parameters B. Passing safe query parameters C. Using SQL composition D. Utilizing literal parameters --------- Correct Answer --------- A. Exploiting query parameters What does cross -origin resource sharing (CORS) allow users to do? A. Override same starting policy for specific resources B. Connect web security models C. Prevent the passing of credentials D. Protect the client header from exposure --------- Correct Answer --------- A. Override same starting policy for specific resources Which protocol caches a token after it has been acquired? A. MSAL B. Auth0 C. LDAP D. ACL --------- Correct Answer --------- A. MSAL Consider the following API code snippet: import requests url = 'https://website.com/' # Get request result = requests.get(url) # Print request print(result.content.decode()) Which status code will the server return? A. 403 B. 200 C. 401 D. 400 --------- Correct Answer --------- A. 403 The user submits the following request to an API endpoint that requires a header: import requests url = 'https://api.github.com/invalid' try: request_response = requests.get(url) # If the response was successful, no Exception will be raised request_response.raise_for_status() except Exception as err: print(f'Other error occurred: {err}') else: print('Success!') Which response code will the user most likely be presented with? A. 404—"Not found" B. 200—"OK" C. 400—"Bad request" D. 401—"Unauthorized" --------- Correct Answer --------- A. 404—"Not found" What is the primary defense against log injection attacks? A. Sanitize outbound log messages B. Do not use parameterized stored procedures in the database C. Allow all users to write to these logs D. Use API calls to log actions --------- Correct Answer --------- A. Sanitize outbound log messages An attacker exploits a cross -site scripting vulnerability. What is the attacker able to do? A. Access the user's data B. Execute a shell command or script C. Discover other users' credentials D. Gain access to sensitive files on the server --------- Correct Answer --------- A. Access the user's data Which Python function is prone to a potential code injection attack? A. eval() B. type() C. print() D. append() --------- Correct Answer --------- A. eval() What are two common defensive coding techniques? A. Check functional preconditions and postconditions B. Encrypt passwords and email submissions C. Adjust length and encoding of messages D. Develop code with exceptions to find errors --------- Correct Answer --------- A. Check functional preconditions and postconditions Which package is meant for internal use by Python for regression testing? A. test B. regress test C. doctest D. assert --------- Correct Answer --------- A. test A security analyst is reviewing code for improper input validation. Which type of input validation does this code show? isValidNumber = False while not isValidNumber: try: pickedNumber = int(input('Pick a number from 1 to 10')) if pickedNumber >= 1 and pickedNumber <= 10: isValidNumber = True except: print('You must enter a valid number from 1 to 10') print('You picked the number ' + str(pickedNumber))

Los beneficios de comprar resúmenes en Stuvia estan en línea:

Garantiza la calidad de los comentarios

Garantiza la calidad de los comentarios

Compradores de Stuvia evaluaron más de 700.000 resúmenes. Así estas seguro que compras los mejores documentos!

Compra fácil y rápido

Compra fácil y rápido

Puedes pagar rápidamente y en una vez con iDeal, tarjeta de crédito o con tu crédito de Stuvia. Sin tener que hacerte miembro.

Enfócate en lo más importante

Enfócate en lo más importante

Tus compañeros escriben los resúmenes. Por eso tienes la seguridad que tienes un resumen actual y confiable. Así llegas a la conclusión rapidamente!

Preguntas frecuentes

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

100% de satisfacción garantizada: ¿Cómo funciona?

Nuestra garantía de satisfacción le asegura que siempre encontrará un documento de estudio a tu medida. Tu rellenas un formulario y nuestro equipo de atención al cliente se encarga del resto.

Who am I buying this summary from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller johnwachi22. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy this summary for 21,74 €. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

45,681 summaries were sold in the last 30 days

Founded in 2010, the go-to place to buy summaries for 14 years now

Empieza a vender
21,74 €  3x  vendido
  • (1)
  Añadir