GIAC Certified Web Application Defender (GWEB) Free Practice Test

Question 1

What is the purpose of HTTP status code 404?
Response:

A. Server error

B. Unauthorized

C. Not found

D. Forbidden

Correct Answer: C

Question 2

When dealing with serialization, which two of the following are crucial security considerations?
(Choose Two)
Response:

A. Avoiding the exposure of sensitive data during the serialization process

B. Ensuring that data is serialized in a compact format

C. Using only native serialization formats for security

D. Validating serialized objects before deserializing them

Correct Answer: A,D

Question 3

Which practice is essential for maintaining security in web applications that handle serialization and deserialization?
Response:

A. Using the most efficient serialization library

B. Monitoring the size of serialized data

C. Logging all serialization and deserialization operations

D. Restricting serialized data to authenticated users

Correct Answer: D

Question 4

What is the purpose of the HTTP GET method?
Response:

A. To submit form data to the server

B. To update data on the server

C. To delete data from the server

D. To retrieve data from the server

Correct Answer: D

Question 5

In the context of web services, what is the primary security concern with improperly secured WSDL files?
Response:

A. They cause significant performance degradation.

B. They prevent the web service from being discovered.

C. They can lead to the exposure of backend system details.

D. They enforce overly strict communication protocols.

Correct Answer: C

Question 6

How should a web application securely handle the regeneration of session IDs?
Response:

A. By keeping the same session ID but changing associated permissions upon login.

B. By regenerating a new session ID upon user authentication and invalidating the old one.

C. By broadcasting the new session ID to all active users to ensure synchronization.

D. By regenerating the session ID at regular intervals without user interaction.

Correct Answer: B

Question 7

Which of the following are effective strategies to mitigate cross-origin attacks?
(Choose two)
Response:

A. Restricting CORS headers to known and trusted origins

B. Allowing any domain to access resources

C. Using insecure CORS configurations

D. Implementing Content Security Policy (CSP)

Correct Answer: A,D

Question 8

What is the primary role of a reverse proxy in a web application architecture?
Response:

A. To encrypt outgoing server responses.

B. To distribute load among several servers.

C. To act as an intermediary for requests from clients seeking resources from servers.

D. To provide additional compute resources to a server.

Correct Answer: C

Question 9

What is the main purpose of implementing session tokens in a web application?
Response:

A. To maintain a stateful interaction between the client and the server.

B. To store user preferences for language settings only.

C. To facilitate the targeted advertising system.

D. To track the number of visits a user makes to the site.

Correct Answer: A

Question 10

What is the primary function of WSDL (Web Services Description Language)?
Response:

A. To monitor web service performance

B. To authenticate users accessing web services

C. To handle exceptions in web services

D. To describe the format and communication protocols used by a web service

Correct Answer: D

Question 11

What are common threats to web services security, and how can they be mitigated?
(Choose two)
Response:

A. XML External Entity (XXE) attacks, mitigated by disabling external entity processing

B. Cross-Site Scripting (XSS), mitigated by input validation

C. Buffer overflows, mitigated by reducing the number of web service endpoints

D. SQL injection, mitigated by allowing direct database access

Correct Answer: A,B

Question 12

In the context of input validation, which approach is recommended for securing a web application?
Response:

A. Applying a whitelist approach to validate expected input

B. Using a blacklist to filter out known bad characters

C. Relying on client-side validation for performance optimization

D. Encrypting all input data before processing

Correct Answer: A

Welcome to TestSimulate

GIAC Certified Web Application Defender (GWEB) Free Practice Test