GIAC Web Application Penetration Tester GWAPT (GWAPT) Free Practice Test

Question 1

What is credential stuffing?

A. Exploiting buffer overflow vulnerabilities

B. Injecting SQL commands into login fields

C. Forcing a server reboot through unauthorized commands

D. Using stolen credentials from one breach to log into another system

Correct Answer: D

Question 2

What are common indicators of a CSRF attack? (Choose two)

A. Disconnected user sessions

B. Unusual administrative actions performed without user consent

C. Unauthorized password changes

D. Frequent timeout errors in the web application

Correct Answer: B,C

Question 3

You discover that a web application reflects user input in the URL. How can you confirm a Reflected XSS vulnerability?

A. Test all API endpoints

B. Reboot the web server

C. Perform SQL injection tests

D. Inject <script>alert('XSS')</script> in the URL and observe browser behavior

Correct Answer: D

Question 4

What is a potential consequence of improper session management?

A. Faster application load times

B. Improved user experience

C. Unauthorized access to user accounts

D. Reduced bandwidth usage

Correct Answer: C

Question 5

Which header is commonly used to prevent Cross-Site Request Forgery attacks?

A. User-Agent

B. Content-Type

C. Accept-Encoding

D. X-CSRF-Token

Correct Answer: D

Question 6

During a configuration audit, you find that directory listing is enabled. What is the associated risk?

A. Unauthorized directory traversal

B. Exposure of sensitive files and directories

C. Unauthorized modification of session cookies

D. Execution of stored XSS payloads

Correct Answer: B

Question 7

What are key objectives of mapping a web application? (Choose two)

A. Discovering potential input fields

B. Identifying all available pages and endpoints

C. Reducing server downtime

D. Encrypting user credentials

Correct Answer: A,B

Question 8

What type of SQL injection attack modifies a database without revealing the results to the attacker?

A. Blind SQL injection

B. Second-order SQL injection

C. Error-based SQL injection

D. Union-based SQL injection

Correct Answer: A

Question 9

During a penetration test, you find a login form vulnerable to CSRF. What is your next step?

A. Test if session cookies are protected with the SameSite attribute

B. Create a phishing attack against the login page

C. Flood the login endpoint with requests

D. Inject SQL commands into the login form

Correct Answer: A

Question 10

Which feature of Burp Suite allows modification of HTTP/HTTPS requests before sending them to the server?

A. Intruder

B. Spider

C. Scanner

D. Repeater

Correct Answer: D

Welcome to TestSimulate

GIAC Web Application Penetration Tester GWAPT (GWAPT) Free Practice Test