Real GIAC GWEB Exam Dumps with Correct 187 Questions and Answers
Valid GWEB Test Answers & GIAC GWEB Exam PDF
NEW QUESTION # 69
Which of the following practices enhance AJAX application security?
(Choose two)
Response:
- A. Using POST requests for sensitive data operations
- B. Implementing secure tokens for session management
- C. Allowing cross-site scripting (XSS) to enhance functionality
- D. Encrypting AJAX requests and responses
Answer: B,D
NEW QUESTION # 70
Which of the following components is NOT typically involved in web application architecture?
Response:
- A. Web Server
- B. Mail Server
- C. Application Server
- D. Database Server
Answer: B
NEW QUESTION # 71
Which security measure helps prevent unauthorized access to data transmitted via AJAX?
Response:
- A. Enforcing HTTPS for all AJAX calls
- B. Using HTTP for better performance
- C. Disabling JavaScript
- D. Reducing API request size
Answer: A
NEW QUESTION # 72
What is a common security risk associated with the use of insecure deserialization in web applications?
Response:
- A. It simplifies input validation
- B. It allows faster data processing
- C. It increases the application's load time
- D. It enables the execution of arbitrary code by attackers
Answer: D
NEW QUESTION # 73
What is a fundamental aspect of securing a web application that employs various modern application frameworks?
Response:
- A. Keeping all framework components up to date
- B. Conducting thorough user acceptance testing
- C. Regularly updating user interface themes
- D. Ensuring compatibility with all web browsers
Answer: A
NEW QUESTION # 74
What are common techniques to prevent input-related vulnerabilities in web applications?
(Choose two)
Response:
- A. Validating input length, type, and format
- B. Implementing output encoding for all user input
- C. Allowing arbitrary input into SQL queries
- D. Disabling input validation for specific users
Answer: A,B
NEW QUESTION # 75
Which of the following are common techniques used in web application security testing?
(Choose two)
Response:
- A. Disabling server logs during testing
- B. Fuzzing to identify input vulnerabilities
- C. Code injection to discover vulnerabilities
- D. Using deprecated encryption algorithms
Answer: B,D
NEW QUESTION # 76
What is the role of 'SameSite' cookie attribute in preventing CSRF attacks?
Response:
- A. It ensures cookies are only sent over HTTPS
- B. It prevents cookies from being sent in cross-site requests
- C. It isolates cookies to specific domain paths to prevent unauthorized access
- D. It encrypts cookies to prevent interception and tampering
Answer: B
NEW QUESTION # 77
Which of the following is NOT a recommended practice for managing cryptographic keys?
Response:
- A. Using hardware security modules for key storage
- B. Storing keys hard-coded in the application code
- C. Backing up keys in multiple secure locations
- D. Periodic key rotation
Answer: B
NEW QUESTION # 78
What are effective proactive defense measures for a web application?
(Choose Two)
Response:
- A. Deploying a web application firewall (WAF)
- B. Using intrusion detection systems at the application layer
- C. Conducting regular security awareness training
- D. Implementing network-level DDoS protection
Answer: A,B
NEW QUESTION # 79
Which of the following measures can help prevent malicious file uploads in web applications?
(Choose two)
Response:
- A. Allowing uploads to any directory on the server
- B. Limiting file sizes to reduce risk
- C. Using file type validation
- D. Disabling server-side validation
Answer: B,C
NEW QUESTION # 80
What are common security measures for securing web server configurations?
(Choose two)
Response:
- A. Using TLS/SSL to encrypt communication
- B. Enabling directory listing
- C. Allowing HTTP requests without validation
- D. Restricting access to administrative interfaces
Answer: A,D
NEW QUESTION # 81
What are best practices for conducting security testing on web applications?
(Choose two)
Response:
- A. Ignoring any identified vulnerabilities that do not seem critical
- B. Regularly conducting penetration tests
- C. Allowing unrestricted access to testing environments
- D. Testing both the client and server-side components
Answer: B,D
NEW QUESTION # 82
What is the primary goal of conducting security testing on a web application?
Response:
- A. To identify vulnerabilities that could be exploited by attackers.
- B. To enhance the user interface for better customer satisfaction.
- C. To verify that the website is operational 24/7 without downtime.
- D. To ensure the application is scalable and can handle growth in traffic.
Answer: A
NEW QUESTION # 83
What tool is commonly used for automated web application security testing?
Response:
- A. Docker
- B. Terraform
- C. Wireshark
- D. Burp Suite
Answer: D
NEW QUESTION # 84
What is the Same-Origin Policy (SOP) designed to prevent?
Response:
- A. Unauthorized cross-domain access to resources
- B. Cross-site scripting (XSS) attacks
- C. Server-side request forgery (SSRF)
- D. SQL injection attacks
Answer: A
NEW QUESTION # 85
......
GWEB Exam Questions and Valid PMP Dumps PDF: https://testinsides.vcedumps.com/GWEB-examcollection.html
