WGU D385 - Software and Security Testing_ Updated Exam Review With Correct Questions and Answers_ 100% Graded A+

WGU D385 - Software and Security Testing_ Updated Exam Review With Correct Questions and Answers_ 100% Graded A+ What is the primary defense against log injection attacks? - do not use parameterized stored procedures in the database - allow all users to write to these logs - sanitize outbound log messages - use API calls to log actions - CORRECT ANSWER-- sanitize outbound log messages An attacker exploits a cross-site scripting vulnerability. What is the attacker able to do? - execute a shell command or script - access the user's data - discover other users' credentials - gain access to sensitive files on the server - CORRECT ANSWER-- execute a shell command or script Which Python function is prone to a potential code injection attack? - type - eval - print - append - CORRECT ANSWER-- eval Which package is meant for internal use by Python for regression testing? - regress test - doctest - assert - test - CORRECT ANSWER-- test What are two common defensive coding techniques? - encrypt passwords and email submissions - check functional preconditions and postconditions - adjust length and encoding of messages - develop code with exceptions to find errors - CORRECT ANSWER-- develop code with exceptions to find errors A security analyst is reviewing code for improper input validation. Which type of input validation does this code show? isValidNumber = False while not isValidNumber: try: pickedNumber = int(input('Pick a number from 1 to 10')) if pickedNumber >= 1 and pickedNumber <= 10: isValidNumber = True except: print('You must enter a valid number from 1 to 10') print('You picked the number ' + str(pickedNumber)) - CORRECT ANSWER-- type and range check Consider the following penetration test: import requests urls = open("", "r") for url in urls: url = () req = (url) print (url, 'report try:transport_security = rs['Strict-Transport-Security']except:print ('HSTS header not set properly') -------------------------------------- Which security vulnerability is shown? - cross-site scripting - denial of service - code injection - man-in-the-middle - CORRECT ANSWER-- man-in-the-middle A security analyst has noticed a vulnerability in which an attacker took over multiple user's accounts. Which vulnerability did the security analyst encounter? - broken access control - broken function level authorization - API mass assignment - privilege escalation - CORRECT ANSWER-- broken access control When creating a new user, an administrator must submit the following fields to an API endpoint: Name Email Address Password IsAdmin What is the best way to ensure the API is protected against privilege escalation? - encrypt the incoming request - implement resource and field-level access control - ensure incoming requests are rate limited - remove IsAdmin from the endpoint - CORRECT ANSWER-- remove IsAdmin from the endpoint Which method is used for a SQL injection attack? - exploiting query parameters - passing safe query parameters - using SQL composition - utilizing literal parameters - CORRECT ANSWER-- exploiting query parameters