C725 WGU CISSP Study Guide 8th
Edition
Signature Detection
Signature detection mechanisms use known descriptions of viruses to identify malicious
code resident on a system.
Domain 3: Security Architecture and Engineering
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and
solution elements
Malicious Code - What is the most commonly used technique to protect against virus
attacks?
A Signature detection
B Automated reconstruction
C Data integrity assurance
D Heuristic detection
Backdoor
Back doors are undocumented command sequences that allow individuals with
knowledge of the back door to bypass normal access restrictions.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Application Attacks - Ben's system was infected by malicious code that modified the
operating system to allow the malicious code author to gain access to his files. What
type of exploit did this attacker engage in?
A Escalation of privilege
B Back door
C Rootkit
D Buffer overflow
Buffer Overflow
Buffer overflow attacks allow an attacker to modify the contents of a system's memory
by writing beyond the space allocated for a variable.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Application Attacks - What type of application vulnerability most directly allows an
attacker to modify the contents of a system's memory?
,C725 WGU CISSP Study Guide 8th
Edition
A TOC/TOU
B Back door
C Rootkit
D Buffer overflow
ReflectedrInputr
r
Cross-siterscriptingrattacksrarersuccessfulronlyragainstrwebrapplicationsrthatrincluder
reflectedrinput. r
r
Domainr8:rSoftwarerDevelopmentrSecurityr
8.5rDefinerandrapplyrsecurercodingrguidelinesrandrstandardsr
WebrApprSecurityr-
rWhatrconditionrisrnecessaryronrarwebrpagerforritrtorberusedrinrarcross-
siterscriptingrattack?r
r
A .NETrtechnologyr
B Database-drivenrcontentr
C Reflectedrinputr
D CGIrscriptsr
r
Stuxnetr
r
Stuxnetrwasrarhighlyrsophisticatedrwormrdesignedrtordestroyrnuclearrenrichmentr
centrifugesrattachedrtorSiemensrcontrollers. r
r
3.0rDomainr3:rSecurityrArchitecturerandrEngineeringr
3.5rAssessrandrmitigaterthervulnerabilitiesrofrsecurityrarchitectures,rdesigns,randrsolutionr
elementsr
MaliciousrCoder-
rWhatrwormrwasrtherfirstrtorcausermajorrphysicalrdamagertorarfacility?rArMelissar
B RTMr
C Stuxnetr
D CoderRedr
r
DMZr(demilitarizedrzone)r
r
TherDMZr(demilitarizedrzone)risrdesignedrtorhousersystemsrlikerwebrserversrthatrmustr
beraccessiblerfromrbothrtherinternalrandrexternalrnetworks. r
r
Domainr8:rSoftwarerDevelopmentrSecurityr
8.2rIdentifyrandrapplyrsecurityrcontrolsrinrdevelopmentrenvironmentsr
, C725 WGU CISSP Study Guide 8th
Edition
WebrApprSecurityr-rYourarerthersecurityradministratorrforranre-
commercercompanyrandrarerplacingrarnewrwebrserverrintorproduction.rWhatrnetworkrzon
ershouldryouruse?r
r
A Intranetr
B Sandboxr
C Internetr
D DMZr
r
fsas3alGr
r
ExceptroptionrC,rtherchoicesrarerformsrofrcommonrwordsrthatrmightrberfoundrduringrardict
ionaryrattack.rmikerisrarnamerandrwouldrbereasilyrdetected.relpparisrsimplyrapplerspelledr
backward,randrdayorangercombinesrtwordictionaryrwords.rCrackrandrotherrutilitiesrcanre
asilyrseerthroughrtheser"sneaky"rtechniques.rOptionrCrisrsimplyrarrandomrstringrofrcharac
tersrthatrardictionaryrattackrwouldrnotruncover.r
r
Domainr3:rSecurityrArchitecturerandrEngineeringr
3.6rAssessrandrmitigatervulnerabilitiesrinrweb-basedrsystemsr
PasswordrAttacksr-
rWhichronerofrtherfollowingrpasswordsrisrleastrlikelyrtorbercompromisedrduringrardictionar
yrattack?r
r
A elppar
B dayoranger
C fsas3alGr
D miker
r
Saltingr
r
Saltingrpasswordsraddsrarrandomrvaluertortherpasswordrpriorrtorhashing,rmakingritr
impracticalrtorconstructrarrainbowrtablerofrallrpossiblervalues. r
r
3.0rDomainr3:rSecurityrArchitecturerandrEngineeringr
3.6rAssessrandrmitigatervulnerabilitiesrinrweb-basedrsystemsr
PasswordrAttacksr-
rWhatrtechniquermayrberusedrtorlimitrthereffectivenessrofrrainbowrtablerattacks?r
r
A Saltingr
B Hashingr
C Transportrencryptionr
D Digitalrsignaturesr
r
Edition
Signature Detection
Signature detection mechanisms use known descriptions of viruses to identify malicious
code resident on a system.
Domain 3: Security Architecture and Engineering
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and
solution elements
Malicious Code - What is the most commonly used technique to protect against virus
attacks?
A Signature detection
B Automated reconstruction
C Data integrity assurance
D Heuristic detection
Backdoor
Back doors are undocumented command sequences that allow individuals with
knowledge of the back door to bypass normal access restrictions.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Application Attacks - Ben's system was infected by malicious code that modified the
operating system to allow the malicious code author to gain access to his files. What
type of exploit did this attacker engage in?
A Escalation of privilege
B Back door
C Rootkit
D Buffer overflow
Buffer Overflow
Buffer overflow attacks allow an attacker to modify the contents of a system's memory
by writing beyond the space allocated for a variable.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Application Attacks - What type of application vulnerability most directly allows an
attacker to modify the contents of a system's memory?
,C725 WGU CISSP Study Guide 8th
Edition
A TOC/TOU
B Back door
C Rootkit
D Buffer overflow
ReflectedrInputr
r
Cross-siterscriptingrattacksrarersuccessfulronlyragainstrwebrapplicationsrthatrincluder
reflectedrinput. r
r
Domainr8:rSoftwarerDevelopmentrSecurityr
8.5rDefinerandrapplyrsecurercodingrguidelinesrandrstandardsr
WebrApprSecurityr-
rWhatrconditionrisrnecessaryronrarwebrpagerforritrtorberusedrinrarcross-
siterscriptingrattack?r
r
A .NETrtechnologyr
B Database-drivenrcontentr
C Reflectedrinputr
D CGIrscriptsr
r
Stuxnetr
r
Stuxnetrwasrarhighlyrsophisticatedrwormrdesignedrtordestroyrnuclearrenrichmentr
centrifugesrattachedrtorSiemensrcontrollers. r
r
3.0rDomainr3:rSecurityrArchitecturerandrEngineeringr
3.5rAssessrandrmitigaterthervulnerabilitiesrofrsecurityrarchitectures,rdesigns,randrsolutionr
elementsr
MaliciousrCoder-
rWhatrwormrwasrtherfirstrtorcausermajorrphysicalrdamagertorarfacility?rArMelissar
B RTMr
C Stuxnetr
D CoderRedr
r
DMZr(demilitarizedrzone)r
r
TherDMZr(demilitarizedrzone)risrdesignedrtorhousersystemsrlikerwebrserversrthatrmustr
beraccessiblerfromrbothrtherinternalrandrexternalrnetworks. r
r
Domainr8:rSoftwarerDevelopmentrSecurityr
8.2rIdentifyrandrapplyrsecurityrcontrolsrinrdevelopmentrenvironmentsr
, C725 WGU CISSP Study Guide 8th
Edition
WebrApprSecurityr-rYourarerthersecurityradministratorrforranre-
commercercompanyrandrarerplacingrarnewrwebrserverrintorproduction.rWhatrnetworkrzon
ershouldryouruse?r
r
A Intranetr
B Sandboxr
C Internetr
D DMZr
r
fsas3alGr
r
ExceptroptionrC,rtherchoicesrarerformsrofrcommonrwordsrthatrmightrberfoundrduringrardict
ionaryrattack.rmikerisrarnamerandrwouldrbereasilyrdetected.relpparisrsimplyrapplerspelledr
backward,randrdayorangercombinesrtwordictionaryrwords.rCrackrandrotherrutilitiesrcanre
asilyrseerthroughrtheser"sneaky"rtechniques.rOptionrCrisrsimplyrarrandomrstringrofrcharac
tersrthatrardictionaryrattackrwouldrnotruncover.r
r
Domainr3:rSecurityrArchitecturerandrEngineeringr
3.6rAssessrandrmitigatervulnerabilitiesrinrweb-basedrsystemsr
PasswordrAttacksr-
rWhichronerofrtherfollowingrpasswordsrisrleastrlikelyrtorbercompromisedrduringrardictionar
yrattack?r
r
A elppar
B dayoranger
C fsas3alGr
D miker
r
Saltingr
r
Saltingrpasswordsraddsrarrandomrvaluertortherpasswordrpriorrtorhashing,rmakingritr
impracticalrtorconstructrarrainbowrtablerofrallrpossiblervalues. r
r
3.0rDomainr3:rSecurityrArchitecturerandrEngineeringr
3.6rAssessrandrmitigatervulnerabilitiesrinrweb-basedrsystemsr
PasswordrAttacksr-
rWhatrtechniquermayrberusedrtorlimitrthereffectivenessrofrrainbowrtablerattacks?r
r
A Saltingr
B Hashingr
C Transportrencryptionr
D Digitalrsignaturesr
r
