WGU D385 OA EXAM / WGU D385 LOGGING AND SECURITY ISSUES OBJECTIVE ASSESSMENT NEWEST 2024 ACTUAL EXAM TEST BANK 200 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A+

What happens if a cookie is set without a max-age directive?
- ...ANSWER...The browser will automatically use a
browser-length session where the browser keeps the cookie
alive for as long as the tab stays open.
What do simple cache-based sessions do? -
...ANSWER...Allow you to store session state in a cache
service like Memcached or Redis. A cache service is fast,
but data can potentially be lost. Because these are session
states, data loss can just mean the user logs in again.
What do write-through cache-based sessions do? -
...ANSWER...Allow you to combine a cache service and a
database to manage session state. When Django writes
sessions state to the cache, it'll also write through to the
database.
What does Django use the SECRET_KEY setting for? -
...ANSWER...Keyed hashing (not encryption)
What is salting? - ...ANSWER...A way to compute a
different hash value from two or more identical messages.
East message is paired with a unique salt (a random string of
bytes).
What is the safest way to hash passwords? Why? -
...ANSWER...Key Derivation Functions (KDFs). These
functions consume a lot of resources and are slow, making
them much more difficult to crack. You determine how slow
it is by adjusting the configuration parameters you give it
What is the most widely used KDF (key derivative function)
in Python? What is the newer better replacement for it? -
...ANSWER...PBKDF2 (password-based key derivative
function 2) is the old standard, Argon2 is the replacement
(uses memory intensiveness in addition to the classic
computational intensiveness).
What is the difference between authorization and
authentication? - ...ANSWER...Authentication relates to
who a user is. Authorization relates to what a user can do.
What is a permission? - ...ANSWER...The most atomic form
of authorization. It allows a person, or group of people, to do
one and only one thing.
What are groups for? - ...ANSWER...Groups provide a way
to associate a set of permissions with a set of users.
What is OAuth2? - ...ANSWER...An industry standard
authorization protocol that enables users to authorize thirdparty access to protected resources without exposing their
credentials to the third party. (Ex: log in with Google)
What penetration test involves attempting to have users
divulge sensitive information - ...ANSWER...Social
engineering test
What is remote dial-up war dialing? - ...ANSWER...A
security testing technique used to identify and assess the
vulnerability of remote access systems, such as modems or
remote access servers, to unauthorized access. Countless
attempts (brute force) to connect to modems are made in this
test.
What does a web application penetration test do? -
...ANSWER...Aims to identify gaps in components that
house web application resources, such as the source code.
What is HTML-injection? - ...ANSWER...An attacker
injects malicious HTML code in web applications that can
accept user input (like forms). These attacks exploit forms
that take input without properly validating or sanitizing the
input.
What tests are involved in mobile application penetration
testing? - ...ANSWER...1. Static analysis- extracting
elements (metadata and source code) and using them to
perform reverse engineering.
2. Dynamic analysis- finding vulnerabilities while the
application is running on the device.