CIW CIW Security Analyst 2

Question 1

What is SQL injection?

Accepted Answer

An attack that inserts malicious SQL code into input fields to manipulate a database

Answer

SQL injection exploits insufficient input validation by inserting malicious SQL statements into fields, potentially exposing or corrupting database data.

Question 2

What does XSS (Cross-Site Scripting) allow an attacker to do?

Accepted Answer

Inject malicious scripts into web pages viewed by other users

Answer

XSS attacks inject client-side scripts into pages viewed by other users, potentially stealing session cookies or redirecting users.

Question 3

What is a VPN (Virtual Private Network) used for?

Accepted Answer

Create an encrypted tunnel over the internet to secure data transmission and mask IP addresses

Answer

A VPN encrypts internet traffic and routes it through a secure server, protecting privacy and securing data on public networks.

Question 4

What is the principle of least privilege in security?

Accepted Answer

Grant users only the minimum permissions necessary to perform their job functions

Answer

The principle of least privilege limits user and system access rights to the bare minimum needed, reducing the attack surface and damage from breaches.

Question 5

What is multi-factor authentication (MFA)?

Accepted Answer

Requiring two or more verification factors (something you know, have, or are) to authenticate

Answer

MFA requires at least two independent authentication factors — such as a password plus a one-time code — dramatically reducing account compromise risk.

CIW - Certified Internet Web Professional Practice Test

CIW - Certified Internet Web Professional Practice Test

CIW CIW Security Analyst 2