01. In the context of file uploads, what are two critical security checks to implement?
(Choose Two)
a) Verifying the file extension only
b) Checking the file MIME type against a whitelist
c) Ensuring the uploaded file is not executable on the server
d) Allowing all file types but scanning for size
02. Which technique is most effective in preventing SQL injection attacks?
a) Use of prepared statements and parameterized queries
b) Client-side input validation
c) Encryption of all data entered by the user
d) Limiting the length of input fields
03. How does the use of third-party security services like Cloudflare or Akamai benefit web application security?
a) They provide outsourced content management systems
b) They offer distributed denial of service (DDoS) protection
c) They replace the need for web application firewalls
d) They offer free hosting services
04. When configuring CORS policies, what considerations should be made to ensure security?
(Choose Two)
a) Always set the Access-Control-Allow-Origin header to "*"
b) Validate the origin before sending back any CORS headers
c) Use withCredentials for sensitive cross-origin requests
d) Restrict the HTTP methods that can be used cross-origin
05. Which practice is essential for maintaining security in web applications that handle serialization and deserialization?
a) Using the most efficient serialization library
b) Restricting serialized data to authenticated users
c) Monitoring the size of serialized data
d) Logging all serialization and deserialization operations
06. What are effective proactive defense measures for a web application?
(Choose Two)
a) Deploying a web application firewall (WAF)
b) Implementing network-level DDoS protection
c) Conducting regular security awareness training
d) Using intrusion detection systems at the application layer
07. Which of the following is an essential security practice for protecting a web service using SOAP?
a) Utilizing SOAP attachments for all confidential data exchanges
b) Employing WS-Security standards for message integrity and confidentiality
c) Restricting SOAP messages to less than 2KB to prevent buffer overflow attacks
d) Using only HTTP GET requests to simplify SOAP message handling
08. AJAX calls can be vulnerable to interception and manipulation. Which of the following is an effective countermeasure to secure AJAX calls?
a) Using simple HTTP authentication for AJAX requests
b) Employing GET requests for transferring sensitive information
c) Allowing cross-origin requests without restrictions
d) Implementing strong session management with secure tokens
09. In a typical three-tier web application architecture, the _______ tier is responsible for processing business logic, performing computations, and making decisions.
a) Client
b) Presentation
c) Business Logic
d) Data
10. What is the role of the 'SameSite' cookie attribute in preventing CSRF attacks?
a) It prevents cookies from being sent in cross-site requests
b) It ensures cookies are only sent over HTTPS
c) It isolates cookies to specific domain paths to prevent unauthorized access
d) It encrypts cookies to prevent interception and tampering