GIAC GWEB Certification Sample Questions

The purpose of this Sample Question Set is to provide you with information about the GIAC Web Application Defender (GWEB) exam. These sample questions will make you familiar with both the type and the difficulty level of the questions on the GWEB certification test. To get familiar with the real exam environment, we suggest you try our Sample GIAC GWEB Certification Practice Exam. This sample practice exam gives you a feel for the real exam and a clue to the questions asked in the actual GIAC Certified Web Application Defender (GWEB) certification exam.

These sample questions are simple, basic questions that resemble the real GIAC Web Application Defender exam questions. To assess your readiness and performance with real-time, scenario-based questions, we suggest you prepare with our Premium GIAC GWEB Certification Practice Exam. When you solve real-time, scenario-based questions in practice, you encounter many difficulties that give you an opportunity to improve.

GIAC GWEB Sample Questions:

01. Session tokens lack expiration timestamps. What attack becomes easier?
a) SQL injection
b) Long-term session hijacking
c) CSRF
d) XXE
 
02. Why should logout invalidate server-side sessions?
a) Prevents reuse of stolen tokens
b) Improves TLS
c) Blocks CSRF
d) Stops SQL injection
 
03. Certificate pinning primarily protects against:
a) SQL injection
b) CSRF
c) Man-in-the-middle attacks
d) Path traversal
 
04. Microservices communicate over HTTP without authentication internally. What risk arises?
a) Internal service impersonation
b) CSRF
c) SQL injection
d) HSTS failure
 
05. What is the safest storage strategy for uploaded files?
a) Store in executable directory
b) Trust file extension
c) Store outside web root with randomized filenames
d) Disable HTTPS
 
06. A developer enables CORS with:
- Access-Control-Allow-Origin: https://trusted.com
- Access-Control-Allow-Credentials: true
However, the server does not validate the Host header. What advanced attack could leverage this misconfiguration?
a) SQL injection
b) TLS downgrade
c) CSRF token theft
d) Host header injection leading to origin bypass
 
07. GraphQL introspection is left enabled in production. Why is this concerning?
a) It slows performance
b) It reveals schema and attack surface details
c) It prevents CSRF
d) It disables TLS
 
08. If an attacker can execute XSS, what happens to CSRF protections?
a) They may be bypassed
b) They remain fully effective
c) TLS blocks XSS
d) SameSite blocks XSS
 
09. Which practice most strengthens password storage?
a) SHA-1 hashing
b) Base64 encoding
c) bcrypt with work factor tuning
d) MD5 with salt
 
10. During testing, modifying a hidden form field changes pricing logic. What class of vulnerability is this?
a) Business logic flaw
b) Reflected XSS
c) SQL injection
d) DNS poisoning

Answers:

Question: 01
Answer: b
Question: 02
Answer: a
Question: 03
Answer: c
Question: 04
Answer: a
Question: 05
Answer: c
Question: 06
Answer: d
Question: 07
Answer: b
Question: 08
Answer: a
Question: 09
Answer: c
Question: 10
Answer: a

Note: For any error in GIAC Certified Web Application Defender (GWEB) certification exam sample questions, please update us by writing an email on feedback@edusum.com.
