Online Access Free GWEB Practice Test

Which HTTP header is crucial for preventing unauthorized cross-origin requests in a web application?
Response:

• A.X-XSS-Protection
• B.X-Frame-Options
• C.Access-Control-Allow-Origin
• D.Content-Security-Policy

Considering the advanced persistent threats (APTs), which of the following mechanisms is crucial for strengthening access control systems against such sophisticated attacks?
Response:

• A.Deploying antivirus software on all endpoints
• B.Implementing network segmentation and zero trust models
• C.Ensuring physical security of all network devices
• D.Using WEP encryption for wireless communications

What is the main purpose of using mutual SSL/TLS in web services security?
Response:

• A.To distribute symmetric keys securely
• B.To authenticate both the client and the server during the handshake process
• C.To provide non-repudiation of message exchange
• D.To ensure that only the intended client can decrypt the server's messages

Which of the following techniques helps prevent malicious file uploads?
Response:

• A.Using insecure direct object references (IDOR)
• B.Storing uploaded files directly in the root directory
• C.Allowing all file types to be uploaded
• D.Validating the file type and size on the server side

What are best practices for conducting security testing on web applications?
(Choose two)
Response:

• A.Allowing unrestricted access to testing environments
• B.Regularly conducting penetration tests
• C.Testing both the client and server-side components
• D.Ignoring any identified vulnerabilities that do not seem critical