[2025] Valid GWEB test answers & GIAC GWEB exam pdf [Q35-Q58]

Rate this post

[2025] Valid GWEB test answers & GIAC GWEB exam pdf

Verified GWEB dumps Q&As – Pass Guarantee or Full Refund

Q35. What are common security measures for securing web server configurations?
(Choose two)
Response:

Enabling directory listing

Using TLS/SSL to encrypt communication

Restricting access to administrative interfaces

Allowing HTTP requests without validation

Q36. What are the best practices for securing session management in web applications?
(Choose two)
Response:

Using long, unpredictable session tokens

Storing session tokens in local storage

Setting session expiration times

Allowing session tokens to be transmitted via URL

Q37. In the context of securing AJAX applications against XSS attacks, which of the following practices should developers follow?
(Choose Two)
Response:

Trust all user input and encode output based on the context

Validate and sanitize all user input to prevent malicious scripts from executing

Store sensitive information in global JavaScript variables for easy access

Implement strict content security policies that define the origins that can serve executable scripts

Q38. What is a common vulnerability associated with the improper handling of session tokens?
Response:

The website becomes more susceptible to SQL injection attacks.

Session tokens may be leaked through Referrer headers.

Increased vulnerability to cross-site scripting (XSS) attacks.

Allowing unlimited file size uploads.

Q39. Which security measure helps prevent unauthorized access to data transmitted via AJAX?
Response:

Disabling JavaScript

Enforcing HTTPS for all AJAX calls

Using HTTP for better performance

Reducing API request size

Q40. What is the primary condition that makes a CSRF attack possible?
Response:

Insecure password storage

Lack of user input validation

Reuse of user session tokens across different sites

Cross-origin resource sharing misconfiguration

Q41. Why is it important to secure the communication channel during the authentication process?
Response:

To ensure faster data transfer

To prevent unauthorized disclosure of credentials

To allow for easier integration with third-party services

To reduce the load on authentication servers

Q42. When securing an AJAX application, which of the following practices should be implemented to protect against common attacks?
(Choose Two)
Response:

Disabling client-side scripting

Validating and sanitizing all input on the server-side

Using GET requests for sensitive transactions

Implementing Content Security Policy (CSP)

Q43. What is the primary role of a reverse proxy in a web application architecture?
Response:

To distribute load among several servers.

To encrypt outgoing server responses.

To act as an intermediary for requests from clients seeking resources from servers.

To provide additional compute resources to a server.

Q44. In the context of mitigating CORS attacks, why is it important to restrict access to sensitive resources based on the Origin header?
Response:

Because the Origin header cannot be altered by attackers.

It ensures that only requests from trusted origins are allowed.

Because it provides a way to log the origins of incoming requests.

It guarantees encryption of the transmitted data.

Q45. What is a significant risk when using third-party authentication services?
Response:

Reduced complexity for user login processes

Potential for centralized access point vulnerabilities

Increased website performance

Simplification of the authentication process

Q46. Which access control mechanism assigns privileges based on a user’s role in the organization?
Response:

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Mandatory Access Control (MAC)

Time-Based Access Control (TBAC)

Q47. What are the key components of an HTTP request?
(Choose two)
Response:

Request line

URL scheme

Response body

Headers

Q48. What is the role of ‘SameSite’ cookie attribute in preventing CSRF attacks?
Response:

It prevents cookies from being sent in cross-site requests

It ensures cookies are only sent over HTTPS

It isolates cookies to specific domain paths to prevent unauthorized access

It encrypts cookies to prevent interception and tampering

Q49. For effective mitigation of cross-origin policy attacks, what should be implemented?
(Choose Three)
Response:

Using document.domain for cross-origin resource sharing

Validating and sanitizing all user input

Implementing Content Security Policy (CSP)

Employing strict CORS policies

Allowing all subdomains to share resources freely

Q50. What is the role of a reverse proxy in web application architecture?
Response:

To route requests from the client to the backend servers

To intercept and modify user requests

To load balance traffic across multiple web servers

To cache static content

Q51. Which of the following cryptographic techniques is commonly used to secure data in transit for web applications?
Response:

AES encryption

RSA encryption

TLS/SSL

MD5 hashing

Q52. What is a key security consideration when working with modern application frameworks such as Angular or React?
Response:

Implementing server-side encryption only

Preventing Cross-Site Scripting (XSS) vulnerabilities through input/output validation

Disabling server-side validation

Avoiding JSON usage for data transfer

Q53. What is the primary benefit of using asymmetric encryption over symmetric encryption for data in transit?
Response:

Higher encryption speed

No need for key exchange

Better compatibility with older systems

More options for key lengths

Q54. An organization is assessing its access control systems to mitigate potential attacks. Which of the following are effective strategies to prevent unauthorized access?
(Choose Two)
Response:

Implementing least privilege principles

Using single-factor authentication for all access points

Regularly reviewing and updating access controls

Implementing open access policies to reduce complexity

Q55. Which practice is essential for maintaining security in web applications that handle serialization and deserialization?
Response:

Using the most efficient serialization library

Restricting serialized data to authenticated users

Monitoring the size of serialized data

Logging all serialization and deserialization operations

Q56. When responding to incidents in a web application environment, which of the following steps should be taken first?
Response:

Notify the legal department immediately.

Contain the breach to prevent further unauthorized access.

Update the website’s content to inform users about the incident.

Conduct a post-mortem analysis to understand the breach’s root cause.

Q57. What is the primary purpose of using session tokens in web applications?
Response:

To enhance the loading speed of the web application

To maintain the user’s session state between requests

To encrypt data during transmission

To increase bandwidth efficiency

Q58. In the context of mitigating access control issues, why is it important to have a robust identity and access management (IAM) solution in place?
Response:

It ensures that all users have admin privileges to facilitate easy access to information.

It helps in the consolidation of all security systems into a single platform.

It enables automated provisioning and deprovisioning of access rights.

It provides a detailed inventory of all organizational assets.