[2025年02月07日] あなたを合格させるGWEB無料最新問題集でGIAC練習テスト [Q70-Q88]

Share

[2025年02月07日] あなたを合格させるGWEB無料最新問題集でGIAC練習テスト

無料でゲット!高評価GIAC GWEB試験問題集を今すぐダウンロード!

質問 # 70
What are best practices for conducting security testing on web applications?
(Choose two)
Response:

  • A. Regularly conducting penetration tests
  • B. Allowing unrestricted access to testing environments
  • C. Testing both the client and server-side components
  • D. Ignoring any identified vulnerabilities that do not seem critical

正解:A、C


質問 # 71
Which HTTP header is crucial for preventing unauthorized cross-origin requests in a web application?
Response:

  • A. Access-Control-Allow-Origin
  • B. Content-Security-Policy
  • C. X-Frame-Options
  • D. X-XSS-Protection

正解:A


質問 # 72
Which of the following is a key security risk associated with the deserialization of untrusted data?
Response:

  • A. Loss of data granularity
  • B. Increased latency in data processing
  • C. Unintended data type conversion
  • D. Arbitrary code execution

正解:D


質問 # 73
What is the main objective of penetration testing in web application security?
Response:

  • A. To improve user experience
  • B. To optimize web server performance
  • C. To reduce the cost of hosting
  • D. To identify and exploit vulnerabilities in the application

正解:D


質問 # 74
Which of the following techniques are effective in browser defense against web application attacks?
(Choose Two)
Response:

  • A. Using Content Security Policy (CSP)
  • B. Disabling JavaScript entirely
  • C. Enabling Cross-Site Scripting (XSS) filters
  • D. Implementing Cross-Origin Resource Sharing (CORS) policies

正解:A、C


質問 # 75
Which of the following is an effective mitigation technique against CSRF attacks?
Response:

  • A. Disabling cookies in the user's browser
  • B. Using the same-origin policy with no exceptions
  • C. Using GET requests for state-changing operations
  • D. Including a unique token in every POST request

正解:D


質問 # 76
What is a common security concern when using modern Java frameworks for web application development?
Response:

  • A. Hardcoded credentials in the framework's source code
  • B. The framework's incompatibility with modern databases
  • C. Insecure direct object references
  • D. The automatic enabling of verbose logging

正解:C


質問 # 77
In the context of web application security, what is the purpose of tokenization?
Response:

  • A. To replace sensitive data with non-sensitive substitutes
  • B. To encrypt data using a token-based system
  • C. To validate data integrity
  • D. To facilitate user authentication

正解:A


質問 # 78
In the context of securing AJAX applications against XSS attacks, which of the following practices should developers follow?
(Choose Two)
Response:

  • A. Validate and sanitize all user input to prevent malicious scripts from executing
  • B. Store sensitive information in global JavaScript variables for easy access
  • C. Implement strict content security policies that define the origins that can serve executable scripts
  • D. Trust all user input and encode output based on the context

正解:A、C


質問 # 79
Which of the following are common techniques used in web application security testing?
(Choose two)
Response:

  • A. Code injection to discover vulnerabilities
  • B. Disabling server logs during testing
  • C. Using deprecated encryption algorithms
  • D. Fuzzing to identify input vulnerabilities

正解:C、D


質問 # 80
Which of the following components is NOT typically involved in web application architecture?
Response:

  • A. Web Server
  • B. Application Server
  • C. Database Server
  • D. Mail Server

正解:D


質問 # 81
What is a key security concern when using WebAssembly in web applications?
Response:

  • A. It bypasses the Same-Origin Policy
  • B. It does not support encryption for data in transit
  • C. It allows execution of untrusted code directly in the browser
  • D. It increases network latency

正解:C


質問 # 82
Which of the following are critical aspects to consider when implementing encryption for data in transit?
(Choose Two)
Response:

  • A. The choice of encryption algorithm
  • B. Ensuring that all data is encrypted, not just sensitive data
  • C. The physical security of the transmission medium
  • D. The secure storage of encryption keys

正解:A、D


質問 # 83
What best practice should be followed when developing secure RESTful APIs?
Response:

  • A. Implementing stateful session management
  • B. Utilizing API keys transmitted over HTTP headers
  • C. Avoiding the use of standard HTTP methods
  • D. Restricting access with proper authentication and authorization

正解:D


質問 # 84
What is a fundamental aspect of securing a web application that employs various modern application frameworks?
Response:

  • A. Keeping all framework components up to date
  • B. Regularly updating user interface themes
  • C. Ensuring compatibility with all web browsers
  • D. Conducting thorough user acceptance testing

正解:A


質問 # 85
What is the primary function of cookies in web applications?
Response:

  • A. To encrypt data transmissions between the user's browser and the web server.
  • B. To serve targeted advertisements to users based on their browsing history.
  • C. To increase the computational performance of the server by offloading processing to the client.
  • D. To store data on the client's computer to facilitate persistent, stateful information between page requests.

正解:D


質問 # 86
When applying best practices in authentication, what is a key factor to consider for enhancing security?
Response:

  • A. Allowing unlimited login attempts to improve user experience
  • B. Ensuring secure storage of authentication tokens
  • C. Using common security questions for user password recovery
  • D. Decreasing the length of user passwords to improve usability

正解:B


質問 # 87
Which of the following are considered best practices when implementing third-party session sharing in web applications?
(Choose Two)
Response:

  • A. Implement strict timeout policies for shared sessions.
  • B. Share session tokens over insecure connections to improve performance.
  • C. Use unencrypted tokens for session sharing.
  • D. Validate and sanitize all inputs to avoid session fixation attacks.

正解:A、D


質問 # 88
......

一発合格の秘訣は無料でゲット!GWEBCertified 試験エンジンPDF:https://jp.fast2test.com/GWEB-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어