GIAC Certified Web Application Defender - GWEB Exam Practice Test

A. By avoiding the serialization of sensitive information

B. By always using the latest version of Java

C. By using only transient variables

D. By serializing all data to JSON format

A. When the data needs to be processed or analyzed

B. When minimal changes to the existing system are preferred

C. When replacing data with a token suffices for processing

D. When there is no requirement for direct data retrieval

A. An attack that is launched on the same day a vulnerability is discovered in the software.

B. An attack that exploits a previously unknown hardware flaw.

C. An attack that exploits a security vulnerability on the same day it is patched by the software vendor.

D. An attack that targets web applications with zero downtime or maintenance windows.

A. Presentation

B. Data

C. Client

D. Business Logic

A. TLS/SSL

B. MD5 hashing

C. AES encryption

D. RSA encryption

A. By tricking the victim's browser into sending an authenticated request to a vulnerable website

B. By intercepting the victim's traffic to steal their session cookies

C. By directly injecting malicious scripts into the victim's browser

D. By impersonating the victim's IP address to the target site

A. Use withCredentials for sensitive cross-origin requests

B. Restrict the HTTP methods that can be used cross-origin

C. Always set the Access-Control-Allow-Origin header to "*"

D. Validate the origin before sending back any CORS headers

A. Gaining read access to the server logs

B. Modifying user permissions without their consent

C. Slowing down the server's performance

D. Disabling user input forms

A. 3xx - Redirection

B. 1xx - Informational

C. 4xx - Client Error

D. 2xx - Success