In a typical three-tier web application architecture, the _______ tier is responsible for processing business logic, performing computations, and making decisions.
Response:
A. Presentation
B. Client
C. Data
D. Business Logic
Correct answer: D
Question 2:
When securing an AJAX application, which of the following practices should be implemented to protect against common attacks?
(Choose Two)
Response:
A. Disabling client-side scripting
B. Implementing Content Security Policy (CSP)
C. Validating and sanitizing all input on the server-side
D. Using GET requests for sensitive transactions
Correct answer: B, C
Question 3:
Which of the following is the best approach to validate user input?
Response:
A. Server-side validation only
B. Client-side validation only
C. No input validation
D. Both client-side and server-side validation
Correct answer: D
Question 4:
Which of the following mechanisms helps protect session tokens from being stolen?
Response:
A. Disabling token encryption
B. Storing session tokens in local storage
C. Allowing session tokens in URL parameters
D. Using HTTP-only and Secure flags for cookies
Correct answer: D
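Added example, not from the original page: a Node.js helper that emits a hardened Set-Cookie header for a session token, a lint function that flags the weaknesses the wrong options describe (no HttpOnly, no Secure, no SameSite), and a check for the "token in URL parameters" case. The function names and the `__Host-sid` cookie name are assumptions for illustration; the attribute semantics are standard browser behaviour.

```javascript
// Added example (not from the original page). Helper names are hypothetical.

// Emit a Set-Cookie header for a session token with the attributes that keep
// the token out of reach of scripts, cleartext connections and cross-site requests.
function buildSessionCookie(name, token, opts = {}) {
  const maxAge = opts.maxAgeSeconds ?? 3600;
  return [
    // __Host- prefix: browsers reject it unless Secure is set, Path is "/" and
    // no Domain is given, which pins the cookie to exactly this origin.
    `__Host-${name}=${encodeURIComponent(token)}`,
    'Path=/',
    `Max-Age=${maxAge}`,
    'HttpOnly',                              // invisible to document.cookie
    'Secure',                                // only sent over HTTPS
    `SameSite=${opts.sameSite ?? 'Lax'}`,    // not attached to cross-site POSTs
  ].join('; ');
}

// Parse a Set-Cookie header into its name, value and attributes (attribute
// names lower-cased; flags without a value become true).
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const eqName = parts[0].indexOf('=');
  const name = eqName === -1 ? parts[0] : parts[0].slice(0, eqName);
  const value = eqName === -1 ? '' : parts[0].slice(eqName + 1);
  const attrs = {};
  for (const p of parts.slice(1)) {
    const eq = p.indexOf('=');
    const key = (eq === -1 ? p : p.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : p.slice(eq + 1);
  }
  return { name, value, attrs };
}

// Return the weaknesses found in a session cookie header; [] means acceptable.
function lintSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('missing HttpOnly');
  if (!attrs.secure) findings.push('missing Secure');
  if (!attrs.samesite) findings.push('missing SameSite');
  else if (String(attrs.samesite).toLowerCase() === 'none' && !attrs.secure) {
    findings.push('SameSite=None requires Secure');
  }
  if (name.startsWith('__Host-') && (attrs.domain || attrs.path !== '/' || !attrs.secure)) {
    findings.push('__Host- prefix requirements not met');
  }
  return findings;
}

// Session identifiers belong in cookies or headers, never in the URL, where
// they end up in server logs, browser history and Referer headers.
function sessionTokenInUrl(url, paramNames = ['sid', 'session', 'sessionid', 'token']) {
  const u = new URL(url);
  return paramNames.some(p => u.searchParams.has(p));
}
```

`lintSessionCookie` is the sort of check to run in an integration test against the real `Set-Cookie` header your framework emits, since defaults differ between frameworks and versions.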
Question 5:
In the context of web applications, what role does the HTTP 'GET' method serve?
Response:
A. It requests a representation of the specified resource and should only retrieve data.
B. It requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
C. It submits data to be processed to a specified resource.
D. It replaces all current representations of the target resource with the request payload.
Correct answer: A
Question 6:
Which of the following techniques are effective in browser defense against web application attacks?
(Choose Two)
Response:
A. Disabling JavaScript entirely
B. Implementing Cross-Origin Resource Sharing (CORS) policies
C. Using Content Security Policy (CSP)
D. Enabling Cross-Site Scripting (XSS) filters
Correct answer: C, D
Question 7:
Which of the following is true about protecting web applications from input-related flaws?
Response:
A. Server-side input validation is sufficient to prevent data leakage.
B. Only dynamic queries are vulnerable to injection attacks.
C. Input validation should be performed at both the client and server sides.
D. Captchas effectively prevent all types of input validation attacks.
Correct answer: C
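Questions 3 and 7 both land on "validate on the client and the server", and the reason is worth seeing in code: the client-side check is convenience, the server-side check is the control, because an attacker simply does not run the browser code. Added example, not from the original page; the transfer form, its fields, the allowlist rules and the handler names are constructed for illustration. The same `validate` function is shared by both sides so the rules cannot drift.

```javascript
// Added example (not from the original page). The form fields, rules and
// handler names are constructed for illustration.

// Allowlist rules shared by client and server. The client copy gives fast
// feedback; the server copy is the security boundary.
const RULES = {
  account: { pattern: /^[0-9]{8,12}$/, message: 'account must be 8-12 digits' },
  amount:  { pattern: /^(0|[1-9][0-9]{0,6})(\.[0-9]{1,2})?$/, message: 'amount must be a non-negative decimal with at most 2 places' },
  memo:    { pattern: /^[\p{L}\p{N} .,'-]{0,64}$/u, message: "memo may contain only letters, digits, spaces and . , ' -" },
};

// Return a list of validation errors; [] means the body is acceptable.
function validate(body) {
  const errors = [];
  for (const [field, rule] of Object.entries(RULES)) {
    const v = body[field];
    if (typeof v !== 'string') { errors.push(`${field}: missing or not a string`); continue; }
    if (!rule.pattern.test(v)) errors.push(`${field}: ${rule.message}`);
  }
  // Reject fields the form never defined, so extra keys (role, isAdmin, ...)
  // never reach business logic by mass assignment.
  for (const k of Object.keys(body)) if (!(k in RULES)) errors.push(`${k}: unexpected field`);
  if (errors.length === 0 && Number(body.amount) === 0) errors.push('amount: must be greater than zero');
  return errors;
}

// Server handler: validates every request regardless of what the client did.
function handleTransfer(body) {
  const errors = validate(body);
  if (errors.length) return { status: 400, errors };
  // Business logic would go here; values are now known to match the allowlist,
  // and amount is safe to convert to integer cents.
  return { status: 200, amountCents: Math.round(Number(body.amount) * 100) };
}

// Browser path: validate for immediate feedback, then send to the server.
function browserSubmit(body, send) {
  const errors = validate(body);
  if (errors.length) return { status: 'client-rejected', errors };
  return send(body);
}

// Attacker path: the browser code is never executed; the body goes straight
// to the server (curl, Burp, a script). Only the server check stands in the way.
function forgedSubmit(body, send) {
  return send(body);
}
```

Option A of question 7 says server-side validation is sufficient to prevent data leakage; validation constrains what comes in, but output encoding and access control still decide what goes out. Option B is wrong because stored procedures and ORMs can also build queries from strings; what actually prevents SQL injection is parameterisation, with validation as defence in depth.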
Question 8:
How can token-based authentication be compromised in a web application?
Response:
A. By intercepting unencrypted tokens transmitted over an insecure channel.
B. By obtaining a user's password through social engineering.
C. By executing a DDoS attack on the web server.
D. Through physical theft of the server.
Correct answer: A
Question 9:
What is a common security concern when using modern Java frameworks for web application development?
Response:
A. Hardcoded credentials in the framework's source code
B. The automatic enabling of verbose logging
C. Insecure direct object references
D. The framework's incompatibility with modern databases
Correct answer: C
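An insecure direct object reference is a handler that takes an identifier from the request and fetches the record after checking only that the caller is logged in, never that the record belongs to them. Added example, not from the original page: the vulnerable handler beside the hardened one over a constructed in-memory invoice store; the store, the handler names and the `billing-admin` role are assumptions for illustration.

```javascript
// Added example (not from the original page). Data and names are constructed.

// Constructed sample data: two users, one invoice each.
const invoices = new Map([
  [1001, { id: 1001, owner: 'alice', total: 120 }],
  [1002, { id: 1002, owner: 'bob', total: 80 }],
]);

// Vulnerable: authenticates the caller, then trusts the id from the URL.
// Any logged-in user can walk ids 1000, 1001, 1002, ... and read everyone's invoices.
function getInvoiceVulnerable(session, id) {
  if (!session.user) return { status: 401 };
  const inv = invoices.get(Number(id));
  return inv ? { status: 200, invoice: inv } : { status: 404 };
}

// Hardened: object-level authorisation on every lookup. "Not yours" and
// "does not exist" both return 404 so the endpoint cannot be used to enumerate ids.
function getInvoice(session, id) {
  if (!session.user) return { status: 401 };
  const n = Number(id);
  if (!Number.isInteger(n) || n <= 0) return { status: 400 };
  const inv = invoices.get(n);
  const allowed = inv && (inv.owner === session.user || (session.roles ?? []).includes('billing-admin'));
  return allowed ? { status: 200, invoice: inv } : { status: 404 };
}

// Alternative shape that makes the mistake hard to write: scope the query to
// the caller so it can only ever return their own rows.
function listInvoicesFor(session) {
  if (!session.user) return { status: 401 };
  return { status: 200, invoices: [...invoices.values()].filter(i => i.owner === session.user) };
}
```

In a database-backed application the same idea is `WHERE id = ? AND owner_id = ?` with the owner taken from the session, never from the request, and a test like the one below for every endpoint that takes an id.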
1354 customer comments
柴田** -
I passed the GWEB exam! I was a complete beginner who knew nothing at all, but after reading this book I think I understood most of it!