WGU D385 FINAL EXAM QUESTIONS WITH CORRECT DETAILED ANSWERS 2023
What is Defensive Programming? - ANSWER- - assume mistakes will happen and guard against them
- assertions are the most common way of doing this
- code checks itself as it runs
- always check, validate, and sanitize data
Which attribute provides a dictionary of breakpoint instances? - ANSWER- - bplist
- maintains a (file, line) tuple of breakpoints
Which function can be used to return all set breakpoints? - ANSWER- - get_all_breaks()
- returns a string with all set breakpoints
Which 3 data types are considered user-provided? - ANSWER- - cookies
- POST data payloads
- URL parameters
What are limitations of Static Code Analysis? - ANSWER- - does not account for runtime vulnerabilities
- requires the tester to possess both testing and software development skills
- tools would have to be language specific
Advantage of Static Code Analysis? - ANSWER- - fast turnaround time
- especially when tools are used
Advantage of Dynamic Code Analysis? - ANSWER- - no need to understand how to write software
- finds runtime vulnerabilities
- requires only a running system; conducted on any application
Limitations of Dynamic Code Analysis? - ANSWER- - false positives and false negatives
- dependent on the correctness of the rules
- false sense of security
- difficult to trace back to exact location
What kind of attacks does Client-side Testing look to prevent? - ANSWER- - XSS
- SQLi
- CORS
- Clickjacking
- HTML injection
Secure Unit Testing - ANSWER- - check for bad input
- bypass security
- inject bad data
How to hash with sha256 in Python? - ANSWER-
import hashlib
sha256 = hashlib.sha256()
sha256.update(b'message')
hash = sha256.hexdigest()
Examples of Block Ciphers? - ANSWER- - Triple DES
- Blowfish
- Twofish
- AES
Examples of Stream Ciphers? - ANSWER- - RC4
- ChaCha
TLS Handshake: 3 Tasks - ANSWER- 1. cipher suite negotiation
2. key exchange
3. server authentication
Set-Cookie Response Header 5 Directives? - ANSWER- - HttpOnly
- SameSite
- Secure
- Domain
- Max-Age
Secure Directive - ANSWER- - prevents MITM
- ensures cookie transmitted over HTTPS
OAuth 4 Phases - ANSWER- 1. requesting authorization
2. granting authorization
3. performing token exchange
4. accessing protected resources
What kind of attack does client testing seek to prevent? - ANSWER- - HTML-injection Attack
Which security dimension involves determining who created which data? - ANSWER- - data authentication
What is the preimage resistance property of a hash function? - ANSWER- - one-way function
Which two safeguards does a digital signature guarantee? (Choose 2 answers.) - ANSWER- - nonrepudiation
- data integrity
3 methods for protecting against XSS? - ANSWER- - validating input
- escaping output
- managing response headers