GWAPT Vulnerability Scanning

Question 1

What is defense in depth in the context of GWAPT security?

Accepted Answer

Implementing multiple layers of security controls

Answer

Defense in depth uses multiple layers of security controls so that if one layer fails, additional layers continue to provide protection.

Question 2

Which principle states that users should only have access necessary for their role?

Accepted Answer

Principle of least privilege

Answer

The principle of least privilege ensures users only have the minimum access rights needed to perform their job functions, limiting potential damage.

Question 3

In GWAPT practice, what is the purpose of vulnerability scanning?

Accepted Answer

To identify weaknesses before attackers do

Answer

Vulnerability scanning proactively identifies security weaknesses in systems and applications so they can be remediated before exploitation.

Question 4

What is the recommended response when a security incident is detected in an GWAPT environment?

Accepted Answer

Follow the incident response plan: contain, eradicate, recover

Answer

Following a structured incident response plan ensures containment of the threat, eradication of the cause, and recovery to normal operations.

Question 5

Which authentication factor is classified as "something you are"?

Accepted Answer

Biometric data

Answer

Biometric data such as fingerprints, facial recognition, or retinal scans represents the "something you are" authentication factor.

(GWAPT) Giac Web Application Penetration Tester Practice Test