WGU C836 MULTI COMPREHENSIVE FINAL EXAM. QUESTIONS WITH 100% VERIFIED ANSWERS.

150. An attack carried out by placing code in the form of a scripting language into a web page, or other media, that is interpreted by a client browser 151. In this type of attack, the attacker places a link on a web page in such a way that it will be automatically executed, in order to initiate a particular activity on another web page or application where the user is currently authenticated 152. A type of attack on the web server that can target vulnerabilities such as lack of input validation, improper or inadequate permissions, or extraneous files left on the server from the development process 153. Name the four main categories of database security issues 154. A type of tool that analyzes web pages or web-based applications and searches for common flaws such as XSS or SQL injection flaws, and improperly set permissions, extraneous files, outdated software versions, and many more such items 155. A web server analysis tool that performs checks for many common server-side vulnerabilities, and creates an index of all the files and directories it can see on the target web server (a process known as spidering) 156. A well-known web analysis tool that offers a free and a professional version; the pro version includes advanced tools for conducting more in-depth attacks 157. A type of tool that works by bombarding our applications with all manner of data and inputs from a wide variety of sources, in the hope that we can cause the application to fail or to perform in unexpected ways 158. A tool developed by Microsoft to find flaws in file-handling source code 159. A tool developed by Microsoft for testing certain pattern-matching expressions for potential vulnerabilities 160. Which software development vulnerability is stopped by proper bounds checking? A. Authentication attacks B. Race conditions C. Buffer overflows D. Authorization attacks 161. A database is vulnerable to SQL injection attacks through direct attempts to the database server or through applications software, including web applications. What is the most effective way of mitigating these attacks? A. Authenticating the user on the client-side B. Authenticating the user on the server-side C. Keeping the software patched D. Turning on database logging E. Validating user inputs 162. Each correct answer represents a complete solution. Choose all that apply. A. The organization's internal coding guidelines B.NIST 800 C.CERT D.BSI E. All 163. Type of Attack on Confidentiality A. Interception B. Interruption C. Modification D. Fabrication 164. Type of Attack on Integrity A. Interception B. Interruption C. Modification D. Fabrication 1.B,D and A 2.A and B 3. B,C and D 4. A, C and D 165. Type of Attack on Availability A. Interception B. Interruption C. Modification D. Fabrication 1.B,D and A 2.A and B 3. B,C and D 4. A, C and D 166. DOS on a mail server Interception Interruption Modification Fabrication 167. Altering a web server config file Interception Interruption Modification Fabrication 168. Eavesdropping on a phone Interception Interruption Modification Fabrication 169. Spoofing emails Interception Interruption Modification Fabrication