WGU D385 LOGGING AND SECURITY ISSUES OBJECTIVE ASSESSMENT
Which two classes does the bdb module implement? – ANSWER –
- Breakpoint
- Bdb
Which attribute provides a dictionary of breakpoint instances? – ANSWER –
- bplist - maintains a (file, line) tuple of breakpoints
Which function can be used to return all set breakpoints? – ANSWER –
- get_all_breaks() - returns a string with all set breakpoints
Which three data types are considered user-provided? – ANSWER –
- cookies
- POST data payloads
- URL parameters
How many arguments does the clear_break() method take? – ANSWER –
- Two
- filename, line number
Which three QA security-specific test type categories must be performed on software? – ANSWER –
- benchmark
- scheduled
- exploratory
Manual Code Review Process Steps – ANSWER –
1. identify security code review objectives
2. perform preliminary scan
3. review code for security issues
4. review for security issues unique to the architecture
What are limitations of Static Code Analysis? – ANSWER –
- does not account for runtime vulnerabilities
- requires the tester to possess both testing and software development skills
- tools would have to be language specific
What are advantages of Static Code Analysis? – ANSWER –
- fast turnaround time, especially when tools are used
What are advantages of Dynamic Code Analysis? – ANSWER –
- there is no need to understand how to write software
What are limitations of Dynamic Code Analysis? – ANSWER –
- false negatives and false positives
- dependent on the correctness of the rules
- false sense of security
How should Loggers be instantiated? – ANSWER –
- never instantiated directly - always through the module-level function
- logging.getLogger(name)
What Logger method sets the threshold for the logger instance? How does it work? – ANSWER –
- setLevel(level) - logging messages which are less severe than “level” will be ignored
- logging messages which have severity “level” or higher will be emitted by whichever handler or handlers service this logger
Security Logs – ANSWER –
- record access to resources such as files, folders, printers
What standard specifies minimum security requirements for audit data (logs)? – ANSWER –
- NIST FIPS 200
Defensive Coding Basic Concepts? – ANSWER –
- all data is important
- all data is tainted
- all code is insecure
- design by contract
- sanitize (make sure no attack characters)
6 important aspects of OSSTMM? – ANSWER –
- Open Source Security Testing Methodology Manual
- project scope
- confidentiality
- change process
- test plan
- test process
- reporting standard
Six Sigma DMAIC – ANSWER –
- define
- measure
- analyze
- improve
- control
Six Sigma DMADV – ANSWER –
- define
- measure