WGU C836 Comprehensive 2026-2027 Frequently
Tested Questions With ELABORATED 100% Correct
COMPLETE SOLUTIONS
Guaranteed Pass!!Current Update!!
1. Authentication attack - ANSWER A type of attack that can occur when
we fail to use strong authentication mechanisms for our applications
2. Authorization attack - ANSWER A type of attack that can occur when we
fail to use authorization best practices for our applications
3. Cryptographic attack - ANSWER A type of attack that can occur when we
fail to properly design our security mechanisms when implementing
cryptographic controls in our applications
4. Client-side attack - ANSWER A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that uses
social engineering techniques to trick us into going along with the attack
5. XSS (Cross Site Scripting) - ANSWER an attack carried out by placing
code in the form of a scripting language into a web page or other media
that is interpreted by a client browser
,6. XSRF (cross-site request forgery) - ANSWER an attack in which the
attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another web page
or application where the user is currently authenticated
7. SQL Injection Attack - ANSWER Attacks against a web site that take
advantage of vulnerabilities in poorly coded SQL (a standard and common
database software application) applications in order to introduce malicious
program code into a company's systems and networks.
8. Clickjacking - ANSWER An attack that takes advantage of the graphical
display capabilities of our browser to trick us into clicking on something we
might not otherwise
9. Server-side attack - ANSWER A type of attack on the web server that can
target vulnerabilities such as lack of input validation, improper or
inadequate permissions, or extraneous files left on the server from the
development process
10.Protocol issues, unauthenticated access, arbitrary code execution, and
privilege escalation - ANSWER Name the 4 main categories of database
security issues
11.web application analysis tool - ANSWER A type of tool that analyzes web
pages or web-based applications and searches for common flaws such as
XSS or SQL injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
,12.Protocol issues - ANSWER unauthenticated flaws in network protocols,
authenticated flaws in network protocols, flaws in authentication protocols
13.Arbitrary code execution - ANSWER An attack that exploits an
applications vulnerability into allowing the attacker to execute commands
on a user's computer.
• arbitrary code execution in intrinsic or securable SQL elements
14.Privilege Escalation - ANSWER An attack that exploits a vulnerability in
software to gain access to resources that the user normally would be
restricted from accessing.
• via SQL injection or local issues
15.Validating user inputs - ANSWER a security best practice for all software
• the most effective way of mitigating SQL injection attacks
16.Nikto (and Wikto) - ANSWER A web server analysis tool that performs
checks for many common server-side vulnerabilities & creates an index of
all the files and directories it can see on the target web server (a process
known as spidering)
17.Burp suite - ANSWER A well-known GUI web analysis tool that offers a
free and professional version; the pro version includes advanced tools for
conducting more in-depth attacks
, 18.Fuzzer - ANSWER A type of tool that works by bombarding our
applications with all manner of data and inputs from a wide variety of
sources, in the hope that we can cause the application to fail or to perform
in unexpected ways
19.MiniFuzz File Fuzzer - ANSWER A tool developed by Microsoft to find
flaws in file-handling source code
20.BinScope Binary Analyzer - ANSWER A tool developed by Microsoft to
examine source code for general good practices
21.SDL Regex Fuzzer - ANSWER A tool developed by Microsoft for testing
certain pattern-matching expressions for potential vulnerabilities
22.Good sources of secure coding guidelines - ANSWER CERT, NIST 800,
BSI, an organization's internal coding guidelines
23.OS hardening - ANSWER the process of reducing the number of
available avenues through which our OS might be attacked
24.Attack surface - ANSWER The total of the areas through which our
operating system might be attacked
25.6 main hardening categories - ANSWER 1. Removing unnecessary
software
Tested Questions With ELABORATED 100% Correct
COMPLETE SOLUTIONS
Guaranteed Pass!!Current Update!!
1. Authentication attack - ANSWER A type of attack that can occur when
we fail to use strong authentication mechanisms for our applications
2. Authorization attack - ANSWER A type of attack that can occur when we
fail to use authorization best practices for our applications
3. Cryptographic attack - ANSWER A type of attack that can occur when we
fail to properly design our security mechanisms when implementing
cryptographic controls in our applications
4. Client-side attack - ANSWER A type of attack that takes advantage of
weaknesses in the software loaded on client machines or one that uses
social engineering techniques to trick us into going along with the attack
5. XSS (Cross Site Scripting) - ANSWER an attack carried out by placing
code in the form of a scripting language into a web page or other media
that is interpreted by a client browser
,6. XSRF (cross-site request forgery) - ANSWER an attack in which the
attacker places a link on a web page in such a way that it will be
automatically executed to initiate a particular activity on another web page
or application where the user is currently authenticated
7. SQL Injection Attack - ANSWER Attacks against a web site that take
advantage of vulnerabilities in poorly coded SQL (a standard and common
database software application) applications in order to introduce malicious
program code into a company's systems and networks.
8. Clickjacking - ANSWER An attack that takes advantage of the graphical
display capabilities of our browser to trick us into clicking on something we
might not otherwise
9. Server-side attack - ANSWER A type of attack on the web server that can
target vulnerabilities such as lack of input validation, improper or
inadequate permissions, or extraneous files left on the server from the
development process
10.Protocol issues, unauthenticated access, arbitrary code execution, and
privilege escalation - ANSWER Name the 4 main categories of database
security issues
11.web application analysis tool - ANSWER A type of tool that analyzes web
pages or web-based applications and searches for common flaws such as
XSS or SQL injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
,12.Protocol issues - ANSWER unauthenticated flaws in network protocols,
authenticated flaws in network protocols, flaws in authentication protocols
13.Arbitrary code execution - ANSWER An attack that exploits an
applications vulnerability into allowing the attacker to execute commands
on a user's computer.
• arbitrary code execution in intrinsic or securable SQL elements
14.Privilege Escalation - ANSWER An attack that exploits a vulnerability in
software to gain access to resources that the user normally would be
restricted from accessing.
• via SQL injection or local issues
15.Validating user inputs - ANSWER a security best practice for all software
• the most effective way of mitigating SQL injection attacks
16.Nikto (and Wikto) - ANSWER A web server analysis tool that performs
checks for many common server-side vulnerabilities & creates an index of
all the files and directories it can see on the target web server (a process
known as spidering)
17.Burp suite - ANSWER A well-known GUI web analysis tool that offers a
free and professional version; the pro version includes advanced tools for
conducting more in-depth attacks
, 18.Fuzzer - ANSWER A type of tool that works by bombarding our
applications with all manner of data and inputs from a wide variety of
sources, in the hope that we can cause the application to fail or to perform
in unexpected ways
19.MiniFuzz File Fuzzer - ANSWER A tool developed by Microsoft to find
flaws in file-handling source code
20.BinScope Binary Analyzer - ANSWER A tool developed by Microsoft to
examine source code for general good practices
21.SDL Regex Fuzzer - ANSWER A tool developed by Microsoft for testing
certain pattern-matching expressions for potential vulnerabilities
22.Good sources of secure coding guidelines - ANSWER CERT, NIST 800,
BSI, an organization's internal coding guidelines
23.OS hardening - ANSWER the process of reducing the number of
available avenues through which our OS might be attacked
24.Attack surface - ANSWER The total of the areas through which our
operating system might be attacked
25.6 main hardening categories - ANSWER 1. Removing unnecessary
software
