WGU D385 OA EXAM / WGU D385 LOGGING AND SECURITY ISSUES OBJECTIVE ASSESSMENT NEWEST 2024 ACTUAL EXAM TEST BANK 200 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A+

1 | P a g e WGU D385 OA EXAM / WGU D385 LOGGING AND SECURITY ISSUES OBJECTIVE ASSESSMENT NEWEST 2024 ACTUAL EXAM TEST BANK 200 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A+ WGU D385 LOGGING AND SECURITY ISSUES OA Which two classes does the bdb module implement? - ANSWER- - Breakpoint - Bdb Which attribute provides a dictionary of breakpoint instances? - ANSWER- - bplist - maintains a (file, line) tuple of breakpoints Which function can be used to return all set breakpoints? - ANSWER- - get_all_breaks( ) - returns a string with all set breakpoints Which three data types are considered user-provided? - ANSWER- - cookies - POST data payloads - URL parameters 2 | P a g e How many arguments does the clear_break() method take? - ANSWER- - Two - filename, line number Which three QA security-specific test type categories must be performed on software? - ANSWER- - benchmark - scheduled - exploratory Manual Code Review Process Steps - ANSWER- 1. identify security code review objectives 2. perform preliminary scan 3. review code for security issues 4. review for security issues unique to the architecture What are limitations of Static Code Analysis? - ANSWER- - does not account for runtime vulnerabilities - requires the tester to posses both testing and software development skills - tools would have to be language specific What are advantages of Static Code Analysis? - ANSWER- - fast turnaround time, especially when tools are used 3 | P a g e What are advantages of Dynamic Code Analysis? - ANSWER- - there is no need to understand how to write software What are limitations of Dynamic Code Analysis? - ANSWER- - false negatives and false positives - dependent on the correctness of the rules - false sense of security How should Loggers be instantiated? - ANSWER- - never instantiated directly - always through the module-level function - logging.getLogger(name) What Logger method sets the threshold for the logger instance? How does it work? - ANSWER- - setLevel(level) - logging messages which are less severe than "level" will be ignored - logging messages which have severity "level" or higher will be emitted by whichever handle or handlers service this logger Security Logs - ANSWER- - record access to resources such as files, folders, printers What standard specifies minimum security requirements for audit data (logs)? - ANSWER- - NIST FIPS 200 4 | P a g e Defensive Coding Basic Concepts? - ANSWER- - all data is important - all data is tainted - all code is insecure - design by contract - sanitize (make sure no attack characters) 6 important aspects of OSSTMM? - ANSWER- - Open Source Security Testing Methodology Manual 1. project scope 2. confidentiality 3. change process 4. test plan 5. test process 6. reporting standard Six Sigma DMAIC - ANSWER- - define - measure - analyze - improve - control Six Sigma DMADV - ANSWER- - define - measure