WGU D385 Logging and Security Issues Practice Exam 2024 Latest Questions Included

WGU D385 Logging and Security Exam What are some common debugging techniques? - printing out values of variables - changing the state ("path") of the program to make it do different things - stepping through the execution of a program line by line - breakpoints - trace points - stopping the program at certain events - viewing the output of a program in a debugger window What are some Python debugging tools? - pdb: most commonly used - Web-PDB - wdb - Pyflame - objgraph XML External Entity Attacks - XXE - when attackers exploit an XML parser to read arbitrary files on your server - attackers might also be able to read config files, retrieve user information Insecure Deserialization - serialization is the conversion of an object in a programming language is saved into a format that can be saved to a database - DEserialization is when a serialized object is read from a file or the network and converted back into an object - INSECURE DESERIALIZATION occurs when an attacker can manipulate the serialized object and achieve authentication bypass, DOS, or arbitrary code execution Injection Attacks - when an application cannot properly distinguish between untrusted user data and code - typically allows for arbitrary code execution SQL Injection Attack Mitigation - use parameterized statements Log Injection Attack Mitigation - prefixing log entries with meta-data (i.e. timestamp) - validate the entry before accessing or opening Sensitive Data Leaks - occurs when an application fails to properly protect sensitive information - this typically occurs through descriptive response headers, descriptive error messages with stack traces or database error messages, or revealing comments in HTML files Cross-site Request Forgery - client-side technique used to attack other users of a web application - attackers send HTTP requests that pretend to come from the victim - attackers then carry out unwanted actions such as changing a password or transferring money from a bank account CSRF Mitigation - CSRF tokens - SameSite cookies - avoid using GET requests for state-changing actions SSRF - Server-side Request Forgery - attacker us able to send requests on behalf of the server - allows attackers to forge the request signature and assume a privileged position on a network, bypassing firewall controls, and gaining access to internal services SSRF Mitigation - never make outbound requests based on user input - validate external addresses before initiating any outbound requests PDB - debugger built into the Python standard library Which three actions are supported by the Python Debugger (PDB)? (Choose 3 answers.) - establishing breakpoints - code step throughs - stack tracing