Exam (elaborations)
C836 WGU COMPLETE EXAM questions with 100- correct answers 2025
- Course
- Institution
C836 WGU COMPLETE EXAM questions with 100- correct answers 2025
[Show more]
Content preview
C836 WGU COMPLETE EXAMquestions with 100% correct
answers 2025
bounds checking - answer to set a limit on the amount of
data we expect to receive to set aside storage for that
data
*required in most programming languages
* prevents buffer overflows
race conditions - answer A type of software development
vulnerability that occurs when multiple processes or
multiple threads within a process control or share access
to a particular resource, and the correct handling of that
resource depends on the proper ordering or timing of
transactions
input validation - answer a type of attack that can occur
when we fail to validate the input to our applications or
take steps to filter out unexpected or undesirable content
format string attack - answer a type of input validation
attacks in which certain print functions within a
programming language can be used to manipulate or view
the internal memory of an application
,authentication attack - answer A type of attack that can
occur when we fail to use strong authentication
mechanisms for our applications
authorization attack - answer A type of attack that can
occur when we fail to use authorization best practices for
our applications
cryptographic attack - answer A type of attack that can
occur when we fail to properly design our security
mechanisms when implementing cryptographic controls in
our applications
client-side attack - answer A type of attack that takes
advantage of weaknesses in the software loaded on client
machines or one that uses social engineering techniques
to trick us into going along with the attack
XSS (Cross Site Scripting) - answer an attack carried out
by placing code in the form of a scripting language into a
web page or other media that is interpreted by a client
browser
XSRF (cross-site request forgery) - answer an attack in
which the attacker places a link on a web page in such a
way that it will be automatically executed to initiate a
particular activity on another web page or application
where the user is currently authenticated
,clickjacking - answer An attack that takes advantage of
the graphical display capabilities of our browser to trick us
into clicking on something we might not otherwise
server-side attack - answer A type of attack on the web
server that can target vulnerabilities such as lack of input
validation, improper or inadequate permissions, or
extraneous files left on the server from the development
process
Protocol issues, unauthenticated access, arbitrary code
execution, and privilege escalation - answer Name the 4
main categories of database security issues
web application analysis tool - answer A type of tool that
analyzes web pages or web-based applications and
searches for common flaws such as XSS or SQL injection
flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
protocol issues - answer unauthenticated flaws in
network protocols, authenticated flaws in network
protocols, flaws in authentication protocols
arbitrary code execution - answer An attack that exploits
an applications vulnerability into allowing the attacker to
execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL
elements
, Privilege Escalation - answer An attack that exploits a
vulnerability in software to gain access to resources that
the user normally would be restricted from accessing.
* via SQL injection or local issues
validating user inputs - answer a security best practice
for all software
* the most effective way of mitigating SQL injection
attacks
Nikto (and Wikto) - answer A web server analysis tool
that performs checks for many common server-side
vulnerabilities & creates an index of all the files and
directories it can see on the target web server (a process
known as spidering)
burp suite - answer A well-known GUI web analysis tool
that offers a free and professional version; the pro version
includes advanced tools for conducting more in-depth
attacks
fuzzer - answer A type of tool that works by bombarding
our applications with all manner of data and inputs from a
wide variety of sources, in the hope that we can cause the
application to fail or to perform in unexpected ways
MiniFuzz File Fuzzer - answer A tool developed by
Microsoft to find flaws in file-handling source code
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller BRAINBOOSTERS. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
83100 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now