WGU C836|D430 FUNDAMENTALS OF INFORMATION SECURITY EXAM 202
QUESTIONS AND ANSWERS | ACCURATE AND VERIFIED FOR GUARANTEE
PASS | GRADED A
1. bounds checking: to set a limit on the amount of data we expect to receive to set aside storage for that data
*required in most programming languages
* prevents butter overflows
2. race conditions: A type of software development vulnerability that occurs when multiple processes or multiple
threads within a process control or share access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions
3. input validation: a type of attack that can occur when we fail to validate the input to our applications or take
steps to filter out unexpected or undesirable content
4. format string attack: a type of input validation attacks in which certain print functions within a program-
ming language can be used to manipulate or view the internal memory of an application
5. authentication attack: A type of attack that can occur when we fail to use strong authentication mecha-
nisms for our applications
6. authorization attack: A type of attack that can occur when we fail to use authorization best practices for
our applications
https://www.stuvia.com/user/MBOFFIN
, 7. cryptographic attack: A type of attack that can occur when we fail to properly design our security
mechanisms when implementing cryptographic controls in our applications
8. client-side attack: A type of attack that takes advantage of weaknesses in the software loaded on client
machines or one that uses social engineering techniques to trick us into going along with the attack
9. XSS (Cross Site Scripting): an attack carried out by placing code in the form of a scripting language into
a web page or other media that is interpreted by a client browser
10. XSRF (cross-site request forgery): an attack in which the attacker places a link on a web page in
such a way that it will be automatically executed to initiate a particular activity on another web page or application where
the user is currently authenticated
11. SQL Injection Attack: Attacks against a web site that take advantage of vulnerabilities in poorly coded SQL
(a standard and common database software application) applications in order to introduce malicious program code
into a company's systems and networks.
12. clickjacking: An attack that takes advantage of the graphical display capabilities of our browser to trick us into
clicking on something we might not otherwise
13. server-side attack: A type of attack on the web server that can target vulnerabilities such as lack of input
validation, improper or inadequate permissions, or extraneous files left on the server from the development process
14. Protocol issues, unauthenticated access, arbitrary code execution, and priv-
ilege escalation: Name the 4 main categories of database security issues
https://www.stuvia.com/user/MBOFFIN
, 15. web application analysis tool: A type of tool that analyzes web pages or web-based applications
and searches for common flaws such as XSS or SQL injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
16. protocol issues: unauthenticated flaws in network protocols, authenticated flaws in network protocols, flaws
in authentication protocols
17. arbitrary code execution: An attack that exploits an applications vulnerability into allowing the attacker
to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
18. Privilege Escalation: An attack that exploits a vulnerability in software to gain access to resources that the
user normally would be restricted from accessing.
* via SQL injection or local issues
19. validating user inputs: a security best practice for all software
* the most ettective way of mitigating SQL injection attacks
20. Nikto (and Wikto): A web server analysis tool that performs checks for many common server-side vulner-
abilities & creates an index of all the files and directories it can see on the target web server (a process known as
spidering)
https://www.stuvia.com/user/MBOFFIN
QUESTIONS AND ANSWERS | ACCURATE AND VERIFIED FOR GUARANTEE
PASS | GRADED A
1. bounds checking: to set a limit on the amount of data we expect to receive to set aside storage for that data
*required in most programming languages
* prevents butter overflows
2. race conditions: A type of software development vulnerability that occurs when multiple processes or multiple
threads within a process control or share access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions
3. input validation: a type of attack that can occur when we fail to validate the input to our applications or take
steps to filter out unexpected or undesirable content
4. format string attack: a type of input validation attacks in which certain print functions within a program-
ming language can be used to manipulate or view the internal memory of an application
5. authentication attack: A type of attack that can occur when we fail to use strong authentication mecha-
nisms for our applications
6. authorization attack: A type of attack that can occur when we fail to use authorization best practices for
our applications
https://www.stuvia.com/user/MBOFFIN
, 7. cryptographic attack: A type of attack that can occur when we fail to properly design our security
mechanisms when implementing cryptographic controls in our applications
8. client-side attack: A type of attack that takes advantage of weaknesses in the software loaded on client
machines or one that uses social engineering techniques to trick us into going along with the attack
9. XSS (Cross Site Scripting): an attack carried out by placing code in the form of a scripting language into
a web page or other media that is interpreted by a client browser
10. XSRF (cross-site request forgery): an attack in which the attacker places a link on a web page in
such a way that it will be automatically executed to initiate a particular activity on another web page or application where
the user is currently authenticated
11. SQL Injection Attack: Attacks against a web site that take advantage of vulnerabilities in poorly coded SQL
(a standard and common database software application) applications in order to introduce malicious program code
into a company's systems and networks.
12. clickjacking: An attack that takes advantage of the graphical display capabilities of our browser to trick us into
clicking on something we might not otherwise
13. server-side attack: A type of attack on the web server that can target vulnerabilities such as lack of input
validation, improper or inadequate permissions, or extraneous files left on the server from the development process
14. Protocol issues, unauthenticated access, arbitrary code execution, and priv-
ilege escalation: Name the 4 main categories of database security issues
https://www.stuvia.com/user/MBOFFIN
, 15. web application analysis tool: A type of tool that analyzes web pages or web-based applications
and searches for common flaws such as XSS or SQL injection flaws, and improperly set permissions, extraneous files,
outdated software versions, and many more such items
16. protocol issues: unauthenticated flaws in network protocols, authenticated flaws in network protocols, flaws
in authentication protocols
17. arbitrary code execution: An attack that exploits an applications vulnerability into allowing the attacker
to execute commands on a user's computer.
* arbitrary code execution in intrinsic or securable SQL elements
18. Privilege Escalation: An attack that exploits a vulnerability in software to gain access to resources that the
user normally would be restricted from accessing.
* via SQL injection or local issues
19. validating user inputs: a security best practice for all software
* the most ettective way of mitigating SQL injection attacks
20. Nikto (and Wikto): A web server analysis tool that performs checks for many common server-side vulner-
abilities & creates an index of all the files and directories it can see on the target web server (a process known as
spidering)
https://www.stuvia.com/user/MBOFFIN
