C836 WGU COMPLETE questions and answers well detailed and verified.

C836 WGU COMPLETE questions and answers well detailed and verified. bounds checking - correct set a limit on the amount of data we expect to receive to set aside storage for that data *required in most programming languages * prevents buffer overflows race conditions - correct answers.A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions input validation - correct answers.a type of attack that can occur when we fail to validate the input to our applications or take steps to filter out unexpected or undesirable content format string attack - correct answers.a type of input validation attacks in which certain print functions within a programming language can be used to manipulate or view the internal memory of an application authentication attack - correct answers.A type of attack that can occur when we fail to use strong authentication mechanisms for our applications authorization attack - correct answers.A type of attack that can occur when we fail to use authorization best practices for our applications cryptographic attack - correct answers.A type of attack that can occur when we fail to properly design our security mechanisms when implementing cryptographic controls in our applications client-side attack - correct answers.A type of attack that takes advantage of weaknesses in the software loaded on client machines or one that uses social engineering techniques to trick us into going along with the attack XSS (Cross Site Scripting) - correct attack carried out by placing code in the form of a scripting language into a web page or other media that is interpreted by a client browser XSRF (cross-site request forgery) - correct attack in which the attacker places a link on a web page in such a way that it will be automatically executed to initiate a particular activity on another web page or application where the user is currently authenticated clickjacking - correct answers.An attack that takes advantage of the graphical display capabilities of our browser to trick us into clicking on something we might not otherwise server-side attack - correct answers.A type of attack on the web server that can target vulnerabilities such as lack of input validation, improper or inadequate permissions, or extraneous files left on the server from the development process Protocol issues, unauthenticated access, arbitrary code execution, and privilege escalation - correct answers.Name the 4 main categories of database security issues web application analysis tool - correct answers.A type of tool that analyzes web pages or web-based applications and searches for common flaws such as XSS or SQL injection flaws, and improperly set permissions, extraneous files, outdated software versions, and many more such items protocol issues - correct henticated flaws in network protocols, authenticated flaws in network protocols, flaws in authentication protocols arbitrary code execution - correct answers.An attack that exploits an applications vulnerability into allowing the attacker to execute commands on a user's computer. * arbitrary code execution in intrinsic or securable SQL elements Privilege Escalation - correct answers.An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. * via SQL injection or local issues validating user inputs - correct answers.a security best practice for all software * the most effective way of mitigating SQL injection attacks Nikto (and Wikto) - correct answers.A web server analysis tool that performs checks for many common server-side vulnerabilities & creates an index of all the files and directories it can see on the target web server (a process known as spidering) burp suite - correct answers.A well-known GUI web analysis tool that offers a free and professional version; the pro version includes advanced tools for conducting more in-depth attacks fuzzer - correct answers.A type of tool that works by bombarding our applications with all manner of data and inputs from a wide variety of sources, in the hope that we can cause the application to fail or to perform in unexpected ways MiniFuzz File Fuzzer - correct answers.A tool developed by Microsoft to find flaws in file-handling source code BinScope Binary Analyzer - correct answers.A tool developed by Microsoft to examine source code for general good practices SDL Regex Fuzzer - correct answers.A tool developed by Microsoft for testing certain pattern-matching expressions for potential vulnerabilities good sources of secure coding guidelines - correct answers.CERT, NIST 800, BSI, an organization's internal coding guidelines OS hardening - correct process of reducing the number of available avenues through which our OS might be attacked attack surface - correct answers.The total of the areas through which our operating system might be attacked 6 main hardening categories - correct answers.1. Removing unnecessary software 2. Removing or turning off unessential services 3. Making alterations to common accounts 4. Applying the principle of least privilege 5. Applying software updates in a timely manner 6. Making use of logging and auditing functions Principle of Least Privilege - correct s we should only allow a party the absolute minimum permission needed for it to carry out its function stuxnet - correct answers.A particularly complex and impactful item of malware that targeted the Supervisory Control and Data Acquisition (SCADA) systems that run various industrial processes; this piece of malware raised the bar for malware from largely being a virtual-based attack to actually being physically destructive anti-malware tool - correct answers.A type of tool that uses signature matching or anomaly detection (heuristics) to detect malware threats, either in real-time or by performing scans of files and processes