Edition
Signature Detection
Signature detection mechanisms use known descriptions of viruses to identify malicious
code resident on a system.
Domain 3: Security Architecture and Engineering
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and
solution elements
Malicious Code - What is the most commonly used technique to protect against virus
attacks?
A Signature detection
B Automated reconstruction
C Data integrity assurance
D Heuristic detection
Backdoor
Back doors are undocumented command sequences that allow individuals with
knowledge of the back door to bypass normal access restrictions.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Application Attacks - Ben's system was infected by malicious code that
modified the operating system to allow the malicious code author to gain
access to his files. What type of exploit did this attacker engage in?
A Escalation of privilege
B Back door
C Rootkit
D Buffer overflow
Buffer Overflow
Buffer overflow attacks allow an attacker to modify the contents of a system's
memory by writing beyond the space allocated for a variable.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Application Attacks - What type of application vulnerability most directly allows
an attacker to modify the contents of a system's memory?
A TOC/TOU
B Back door
C Rootkit
D Buffer overflow
Reflected Input
Cross-site scripting attacks are successful only against web applications that
include reflected input.
Domain 8: Software Development Security
8.5 Define and apply secure coding guidelines and standards
Web App Security - What condition is necessary on a web page for it to be
used in a cross-site scripting attack?
A .NET technology
B Database-driven content
C Reflected input
D CGI scripts
Stuxnet
Stuxnet was a highly sophisticated worm designed to destroy nuclear enrichment
centrifuges attached to Siemens controllers.
3.0 Domain 3: Security Architecture and Engineering
3.5 Assess and mitigate the vulnerabilities of security architectures, designs,
and solution elements
Malicious Code - What worm was the first to cause major physical damage to a
facility?
A Melissa
B RTM
C Stuxnet
D Code Red
DMZ (demilitarized zone)
The DMZ (demilitarized zone) is designed to house systems like web servers
that must be accessible from both the internal and external networks.
Domain 8: Software Development Security
8.2 Identify and apply security controls in development environments
Web App Security - You are the security administrator for an e-commerce
company and are placing a new web server into production. What network zone
should you use?
A Intranet
B Sandbox
C Internet
D DMZ
fsas3alG
Except option C, the choices are forms of common words that might be found
during a dictionary attack. mike is a name and would be easily detected. elppa
is simply apple spelled backward, and dayorange combines two dictionary words.
Crack and other utilities can easily see through these "sneaky" techniques. Option
C is simply a random string of characters that a dictionary attack would not
uncover.
Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Password Attacks - Which one of the following passwords is least likely to be
compromised during a dictionary attack?
A elppa
B dayorange
C fsas3alG
D mike
Salting
Salting passwords adds a random value to the password prior to hashing, making
it impractical to construct a rainbow table of all possible values.
3.0 Domain 3: Security Architecture and Engineering
3.6 Assess and mitigate vulnerabilities in web-based systems
Password Attacks - What technique may be used to limit the effectiveness of
rainbow table attacks?
A Salting
B Hashing
C Transport encryption
D Digital signatures
Port Scan
Port scans reveal the ports associated with services running on a machine
and available to the public.
3.0 Domain 3: Security Architecture and Engineering
3.5 Assess and mitigate the vulnerabilities of security architectures, designs,
and solution elements