
[2025年02月07日] あなたを合格させるGWEB無料最新問題集でGIAC練習テスト
無料でゲット!高評価GIAC GWEB試験問題集を今すぐダウンロード!
質問 # 70
What are best practices for conducting security testing on web applications?
(Choose two)
Response:
- A. Regularly conducting penetration tests
- B. Allowing unrestricted access to testing environments
- C. Testing both the client and server-side components
- D. Ignoring any identified vulnerabilities that do not seem critical
正解:A、C
質問 # 71
Which HTTP header is crucial for preventing unauthorized cross-origin requests in a web application?
Response:
- A. Access-Control-Allow-Origin
- B. Content-Security-Policy
- C. X-Frame-Options
- D. X-XSS-Protection
正解:A
質問 # 72
Which of the following is a key security risk associated with the deserialization of untrusted data?
Response:
- A. Loss of data granularity
- B. Increased latency in data processing
- C. Unintended data type conversion
- D. Arbitrary code execution
正解:D
質問 # 73
What is the main objective of penetration testing in web application security?
Response:
- A. To improve user experience
- B. To optimize web server performance
- C. To reduce the cost of hosting
- D. To identify and exploit vulnerabilities in the application
正解:D
質問 # 74
Which of the following techniques are effective in browser defense against web application attacks?
(Choose Two)
Response:
- A. Using Content Security Policy (CSP)
- B. Disabling JavaScript entirely
- C. Enabling Cross-Site Scripting (XSS) filters
- D. Implementing Cross-Origin Resource Sharing (CORS) policies
正解:A、C
質問 # 75
Which of the following is an effective mitigation technique against CSRF attacks?
Response:
- A. Disabling cookies in the user's browser
- B. Using the same-origin policy with no exceptions
- C. Using GET requests for state-changing operations
- D. Including a unique token in every POST request
正解:D
質問 # 76
What is a common security concern when using modern Java frameworks for web application development?
Response:
- A. Hardcoded credentials in the framework's source code
- B. The framework's incompatibility with modern databases
- C. Insecure direct object references
- D. The automatic enabling of verbose logging
正解:C
質問 # 77
In the context of web application security, what is the purpose of tokenization?
Response:
- A. To replace sensitive data with non-sensitive substitutes
- B. To encrypt data using a token-based system
- C. To validate data integrity
- D. To facilitate user authentication
正解:A
質問 # 78
In the context of securing AJAX applications against XSS attacks, which of the following practices should developers follow?
(Choose Two)
Response:
- A. Validate and sanitize all user input to prevent malicious scripts from executing
- B. Store sensitive information in global JavaScript variables for easy access
- C. Implement strict content security policies that define the origins that can serve executable scripts
- D. Trust all user input and encode output based on the context
正解:A、C
質問 # 79
Which of the following are common techniques used in web application security testing?
(Choose two)
Response:
- A. Code injection to discover vulnerabilities
- B. Disabling server logs during testing
- C. Using deprecated encryption algorithms
- D. Fuzzing to identify input vulnerabilities
正解:C、D
質問 # 80
Which of the following components is NOT typically involved in web application architecture?
Response:
- A. Web Server
- B. Application Server
- C. Database Server
- D. Mail Server
正解:D
質問 # 81
What is a key security concern when using WebAssembly in web applications?
Response:
- A. It bypasses the Same-Origin Policy
- B. It does not support encryption for data in transit
- C. It allows execution of untrusted code directly in the browser
- D. It increases network latency
正解:C
質問 # 82
Which of the following are critical aspects to consider when implementing encryption for data in transit?
(Choose Two)
Response:
- A. The choice of encryption algorithm
- B. Ensuring that all data is encrypted, not just sensitive data
- C. The physical security of the transmission medium
- D. The secure storage of encryption keys
正解:A、D
質問 # 83
What best practice should be followed when developing secure RESTful APIs?
Response:
- A. Implementing stateful session management
- B. Utilizing API keys transmitted over HTTP headers
- C. Avoiding the use of standard HTTP methods
- D. Restricting access with proper authentication and authorization
正解:D
質問 # 84
What is a fundamental aspect of securing a web application that employs various modern application frameworks?
Response:
- A. Keeping all framework components up to date
- B. Regularly updating user interface themes
- C. Ensuring compatibility with all web browsers
- D. Conducting thorough user acceptance testing
正解:A
質問 # 85
What is the primary function of cookies in web applications?
Response:
- A. To encrypt data transmissions between the user's browser and the web server.
- B. To serve targeted advertisements to users based on their browsing history.
- C. To increase the computational performance of the server by offloading processing to the client.
- D. To store data on the client's computer to facilitate persistent, stateful information between page requests.
正解:D
質問 # 86
When applying best practices in authentication, what is a key factor to consider for enhancing security?
Response:
- A. Allowing unlimited login attempts to improve user experience
- B. Ensuring secure storage of authentication tokens
- C. Using common security questions for user password recovery
- D. Decreasing the length of user passwords to improve usability
正解:B
質問 # 87
Which of the following are considered best practices when implementing third-party session sharing in web applications?
(Choose Two)
Response:
- A. Implement strict timeout policies for shared sessions.
- B. Share session tokens over insecure connections to improve performance.
- C. Use unencrypted tokens for session sharing.
- D. Validate and sanitize all inputs to avoid session fixation attacks.
正解:A、D
質問 # 88
......
一発合格の秘訣は無料でゲット!GWEBCertified 試験エンジンPDF:https://jp.fast2test.com/GWEB-premium-file.html