WGU C836 EXAM QUESTIONS AND
ANSWERS. VERIFIED 2025/2026.
Bounds checking - ANS to set a limit on the amount of data we expect to receive to set aside
storage for that data
*required in most programming languages
* prevents buffer overflows
race conditions - ANS A type of software development vulnerability that occurs when
multiple processes or multiple threads within a process control or share access to a particular
resource, and the correct handling of that resource depends on the proper ordering or timing of
transactions
input validation - ANS a type of attack that can occur when we fail to validate the input to our
applications or take steps to filter out unexpected or undesirable content
format string attack - ANS a type of input validation attacks in which certain print functions
within a programming language can be used to manipulate or view the internal memory of an
application
authentication attack - ANS A type of attack that can occur when we fail to use strong
authentication mechanisms for our applications
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,authorization attack - ANS A type of attack that can occur when we fail to use authorization
best practices for our applications
cryptographic attack - ANS A type of attack that can occur when we fail to properly design
our security mechanisms when implementing cryptographic controls in our applications
client-side attack - ANS A type of attack that takes advantage of weaknesses in the software
loaded on client machines or one that uses social engineering techniques to trick us into going
along with the attack
XSS (Cross Site Scripting) - ANS an attack carried out by placing code in the form of a scripting
language into a web page or other media that is interpreted by a client browser
XSRF (cross-site request forgery) - ANS an attack in which the attacker places a link on a web
page in such a way that it will be automatically executed to initiate a particular activity on
another web page or application where the user is currently authenticated
SQL Injection Attack - ANS Attacks against a web site that take advantage of vulnerabilities in
poorly coded SQL (a standard and common database software application) applications in order
to introduce malicious program code into a company's systems and networks.
clickjacking - ANS An attack that takes advantage of the graphical display capabilities of our
browser to trick us into clicking on something we might not otherwise
server-side attack - ANS A type of attack on the web server that can target vulnerabilities
such as lack of input validation, improper or inadequate permissions, or extraneous files left on
the server from the development process
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, Protocol issues, unauthenticated access, arbitrary code execution, and privilege escalation -
ANS Name the 4 main categories of database security issues
web application analysis tool - ANS A type of tool that analyzes web pages or web-based
applications and searches for common flaws such as XSS or SQL injection flaws, and improperly
set permissions, extraneous files, outdated software versions, and many more such items
protocol issues - ANS unauthenticated flaws in network protocols, authenticated flaws in
network protocols, flaws in authentication protocols
arbitrary code execution - ANS An attack that exploits an applications vulnerability into
allowing the attacker to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation - ANS An attack that exploits a vulnerability in software to gain access to
resources that the user normally would be restricted from accessing.
* via SQL injection or local issues
validating user inputs - ANS a security best practice for all software
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - ANS A web server analysis tool that performs checks for many common
server-side vulnerabilities & creates an index of all the files and directories it can see on the
target web server (a process known as spidering)
burp suite - ANS A well-known GUI web analysis tool that offers a free and professional
version; the pro version includes advanced tools for conducting more in-depth attacks
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
ANSWERS. VERIFIED 2025/2026.
Bounds checking - ANS to set a limit on the amount of data we expect to receive to set aside
storage for that data
*required in most programming languages
* prevents buffer overflows
race conditions - ANS A type of software development vulnerability that occurs when
multiple processes or multiple threads within a process control or share access to a particular
resource, and the correct handling of that resource depends on the proper ordering or timing of
transactions
input validation - ANS a type of attack that can occur when we fail to validate the input to our
applications or take steps to filter out unexpected or undesirable content
format string attack - ANS a type of input validation attacks in which certain print functions
within a programming language can be used to manipulate or view the internal memory of an
application
authentication attack - ANS A type of attack that can occur when we fail to use strong
authentication mechanisms for our applications
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,authorization attack - ANS A type of attack that can occur when we fail to use authorization
best practices for our applications
cryptographic attack - ANS A type of attack that can occur when we fail to properly design
our security mechanisms when implementing cryptographic controls in our applications
client-side attack - ANS A type of attack that takes advantage of weaknesses in the software
loaded on client machines or one that uses social engineering techniques to trick us into going
along with the attack
XSS (Cross Site Scripting) - ANS an attack carried out by placing code in the form of a scripting
language into a web page or other media that is interpreted by a client browser
XSRF (cross-site request forgery) - ANS an attack in which the attacker places a link on a web
page in such a way that it will be automatically executed to initiate a particular activity on
another web page or application where the user is currently authenticated
SQL Injection Attack - ANS Attacks against a web site that take advantage of vulnerabilities in
poorly coded SQL (a standard and common database software application) applications in order
to introduce malicious program code into a company's systems and networks.
clickjacking - ANS An attack that takes advantage of the graphical display capabilities of our
browser to trick us into clicking on something we might not otherwise
server-side attack - ANS A type of attack on the web server that can target vulnerabilities
such as lack of input validation, improper or inadequate permissions, or extraneous files left on
the server from the development process
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, Protocol issues, unauthenticated access, arbitrary code execution, and privilege escalation -
ANS Name the 4 main categories of database security issues
web application analysis tool - ANS A type of tool that analyzes web pages or web-based
applications and searches for common flaws such as XSS or SQL injection flaws, and improperly
set permissions, extraneous files, outdated software versions, and many more such items
protocol issues - ANS unauthenticated flaws in network protocols, authenticated flaws in
network protocols, flaws in authentication protocols
arbitrary code execution - ANS An attack that exploits an applications vulnerability into
allowing the attacker to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
Privilege Escalation - ANS An attack that exploits a vulnerability in software to gain access to
resources that the user normally would be restricted from accessing.
* via SQL injection or local issues
validating user inputs - ANS a security best practice for all software
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - ANS A web server analysis tool that performs checks for many common
server-side vulnerabilities & creates an index of all the files and directories it can see on the
target web server (a process known as spidering)
burp suite - ANS A well-known GUI web analysis tool that offers a free and professional
version; the pro version includes advanced tools for conducting more in-depth attacks
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
