GWAPT 무료 덤프문제 온라인 액세스

Which type of XSS attack involves injecting malicious code that gets stored on the server and executed on subsequent page loads?

• A.Reflected XSS
• B.DOM-based XSS
• C.Stored XSS
• D.Blind XSS

A web application does not log users out after a period of inactivity. What is the best way to address this issue?

• A.Disable user sessions altogether
• B.Require re-authentication every minute
• C.Implement automatic session timeout policies
• D.Allow unlimited session durations for trusted users

Which of the following are effective countermeasures against CSRF? (Choose two)

• A.Implementing anti-CSRF tokens
• B.Enabling the SameSite cookie attribute
• C.Using HTTPS for all communications
• D.Disabling JavaScript in the browser

What is the primary goal of configuration testing in web applications?

• A.Optimizing application performance
• B.Identifying security misconfigurations in the application environment
• C.Exploiting vulnerabilities in user inputs
• D.Testing for SQL injection vulnerabilities

What is a SQL injection attack?

• A.Using DNS spoofing to redirect users to malicious websites
• B.Injecting malicious SQL code into a query to manipulate a database
• C.Exploiting user sessions to hijack accounts
• D.Exploiting buffer overflows in application code