
[2025年03月19日] 最新GWEB試験問題集には高得点で一発合格
無料提供中GWEBブレーン問題集とGWEBリアル試験問題
質問 # 51
What is a common risk associated with file uploads in web applications?
Response:
- A. Inability to process large files
- B. Increased bandwidth usage
- C. Unauthorized execution of malicious files
- D. Slower page load times
正解:C
質問 # 52
What tool is commonly used for automated web application security testing?
Response:
- A. Terraform
- B. Burp Suite
- C. Wireshark
- D. Docker
正解:B
質問 # 53
What is the impact of a successful CSRF attack?
Response:
- A. Slowing down the server's performance
- B. Modifying user permissions without their consent
- C. Gaining read access to the server logs
- D. Disabling user input forms
正解:B
質問 # 54
Which encryption algorithm is recommended for securing sensitive data at rest?
Response:
- A. AES
- B. DES
- C. SHA-1
- D. RC4
正解:A
質問 # 55
In the context of session security, what is session fixation?
Response:
- A. A scenario where session IDs are securely fixed to user accounts to prevent theft.
- B. A method where the attacker fixes the user's session ID before the user logs in, thereby hijacking the user's session.
- C. A condition where a user's session remains active indefinitely without timeout.
- D. Fixing corrupted session data to ensure the continuity of user interaction.
正解:B
質問 # 56
Which of the following is the best approach to validate user input?
Response:
- A. Client-side validation only
- B. Both client-side and server-side validation
- C. Server-side validation only
- D. No input validation
正解:B
質問 # 57
Which two of the following are important considerations when implementing SSL/TLS for protecting data in transit?
(Choose Two)
Response:
- A. Allowing fallback to older versions for compatibility
- B. Using strong cipher suites
- C. Enabling only the latest version of the protocol
- D. Requiring client-side certificates
正解:B、C
質問 # 58
To enhance the security of a web application, sensitive data should be encrypted in transit using _______.
Response:
- A. FTP
- B. HTTP
- C. SNMP
- D. HTTPS
正解:D
質問 # 59
Which of the following measures can help prevent malicious file uploads in web applications?
(Choose two)
Response:
- A. Disabling server-side validation
- B. Limiting file sizes to reduce risk
- C. Allowing uploads to any directory on the server
- D. Using file type validation
正解:B、D
質問 # 60
In the context of high-level attack trends on web applications, what is a 'zero-day' exploit?
Response:
- A. An attack that is launched on the same day a vulnerability is discovered in the software.
- B. An attack that targets web applications with zero downtime or maintenance windows.
- C. An attack that exploits a previously unknown hardware flaw.
- D. An attack that exploits a security vulnerability on the same day it is patched by the software vendor.
正解:A
質問 # 61
Which of the following is an advanced technology used for securing web applications against XSS attacks?
Response:
- A. Browser Content Security Policy (CSP)
- B. Virtual Private Network (VPN)
- C. File Transfer Protocol (FTP) security
- D. Secure/Multipurpose Internet Mail Extensions (S/MIME)
正解:A
質問 # 62
How does the use of third-party security services like Cloudflare or Akamai benefit web application security?
Response:
- A. They provide outsourced content management systems
- B. They replace the need for web application firewalls
- C. They offer free hosting services
- D. They offer distributed denial of service (DDoS) protection
正解:D
質問 # 63
Which of the following scenarios is most susceptible to a CSRF attack?
Response:
- A. A website that uses only HTTPS for all its pages and services
- B. A website that does not validate the origin with standard headers like Origin or Referer
- C. A website that requires re-authentication for every sensitive action
- D. A website that has implemented CSP (Content Security Policy) without allowing any inline scripts
正解:B
質問 # 64
In the context of single sign-on (SSO), which of the following statements accurately describe its benefits?
(Choose Two)
Response:
- A. SSO requires additional authentication steps for each application, enhancing security.
- B. SSO increases the complexity of password management.
- C. SSO can reduce help desk costs related to password resets.
- D. SSO reduces the number of passwords users need to remember.
正解:C、D
質問 # 65
Which of the following practices are effective in preventing unauthorized access?
(Choose two)
Response:
- A. Implementing least privilege principles
- B. Allowing unlimited login attempts
- C. Using single sign-on (SSO) without encryption
- D. Enforcing multi-factor authentication (MFA)
正解:A、D
質問 # 66
What is the principle of least privilege in the context of web application access control?
Response:
- A. Users should have access only to the resources they need to perform their tasks
- B. Users should have admin access to all systems for efficiency
- C. Access should be based on the number of years with the company
- D. All users should have access to sensitive information
正解:A
質問 # 67
Which of the following steps should be included in an incident response plan for web applications?
Response:
- A. Ignoring the incident to prevent media attention
- B. Limiting communication with affected users
- C. Disabling logging during incidents to avoid performance issues
- D. Isolating compromised systems and gathering logs for forensic analysis
正解:D
質問 # 68
What best practice should be applied when developing test strategies for web authentication?
Response:
- A. Ignoring SSL/TLS because it is the responsibility of the infrastructure team
- B. Conducting thorough penetration testing on authentication endpoints
- C. Limiting testing scope to avoid discovering too many issues
- D. Testing with real user credentials in all environments
正解:B
質問 # 69
Which leading-edge web technologies may introduce new security challenges for developers?
(Choose two)
Response:
- A. TLS 1.3
- B. JSON web tokens
- C. WebSockets
- D. WebAssembly
正解:C、D
質問 # 70
In the context of web applications, what role does the HTTP 'GET' method serve?
Response:
- A. It submits data to be processed to a specified resource.
- B. It requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
- C. It replaces all current representations of the target resource with the request payload.
- D. It requests a representation of the specified resource and should only retrieve data.
正解:D
質問 # 71
What are the best practices for managing web authentication securely?
(Choose two)
Response:
- A. Using outdated encryption protocols
- B. Using secure hashing algorithms (e.g., bcrypt) for storing passwords
- C. Allowing unlimited login attempts
- D. Enforcing account lockouts after failed login attempts
正解:B、D
質問 # 72
Which HTTP header is crucial for preventing unauthorized cross-origin requests in a web application?
Response:
- A. Access-Control-Allow-Origin
- B. X-Frame-Options
- C. X-XSS-Protection
- D. Content-Security-Policy
正解:A
質問 # 73
Which component of a web server is responsible for managing multiple client requests simultaneously?
Response:
- A. HTTP listener
- B. API gateway
- C. Web proxy
- D. Web server thread pool
正解:D
質問 # 74
When securing an AJAX application, which of the following practices should be implemented to protect against common attacks?
(Choose Two)
Response:
- A. Disabling client-side scripting
- B. Validating and sanitizing all input on the server-side
- C. Using GET requests for sensitive transactions
- D. Implementing Content Security Policy (CSP)
正解:B、D
質問 # 75
What is the primary benefit of using asymmetric encryption over symmetric encryption for data in transit?
Response:
- A. No need for key exchange
- B. Better compatibility with older systems
- C. Higher encryption speed
- D. More options for key lengths
正解:A
質問 # 76
......
GWEB合格させる問題集でGIAC24時間で試験合格できます:https://jp.fast2test.com/GWEB-premium-file.html