GWAPT Exam Questions
140 real GWAPT exam questions with expert-verified answers and explanations. Page 2 of 3.
- Question #51: Which mechanisms can help prevent brute-force attacks on login pages? (Choose two)
- Question #52: Which techniques help mitigate XSS vulnerabilities? (Choose two)
- Question #53: During reconnaissance, you discover that the web application's /admin directory is exposed. What would you do next?
- Question #54: Which configurations are essential for secure session cookies? (Choose two)
- Question #55: During a configuration audit, you find that directory listing is enabled. What is the associated risk?
- Question #56: During a penetration test, you find that a web application does not implement account lockout policies. What is your next step?
- Question #57: What is the primary purpose of HTTP in web applications?
- Question #58: Which of the following SQL clauses is most often exploited in SQL injection attacks?
- Question #59: What are the primary components of a web application? (Choose two)
- Question #60: Which HTTP method is used to retrieve data from a server?
- Question #61: What actions can mitigate the risk of authentication bypass vulnerabilities? (Choose two)
- Question #62: What actions help secure session management? (Choose two)
- Question #63: What are common indicators of a CSRF attack? (Choose two)
- Question #64: What is the primary goal of configuration testing in web applications?
- Question #65: Which type of XSS attack involves injecting malicious code that gets stored on the server and executed on subsequent page loads?
- Question #66: What is a SQL injection attack?
- Question #67: You have identified that a web server discloses its software version in HTTP headers. What is the next logical step?
- Question #68: During an assessment, you discover that a web application does not compress large files before sending them to the client. What is the best recommendation to improve performance?
- Question #69: Which type of Cross-Site Scripting (XSS) attack occurs when malicious input is stored on the target server?
- Question #70: What does HTTPS provide that HTTP does not?
- Question #71: What techniques can be used to gather information during reconnaissance? (Choose two)
- Question #72: Which types of vulnerabilities can Nikto detect? (Choose two)
- Question #73: What advantages does AJAX provide in web applications? (Choose two)
- Question #74: What are key benefits of disabling unnecessary services in a web application? (Choose two)
- Question #75: Which HTTP response codes indicate successful requests? (Choose two)
- Question #76: Which types of SQL injection attacks exist? (Choose two)
- Question #77: What is credential stuffing?
- Question #78: Which tool is commonly used for mapping the structure of a web application?
- Question #79: What are effective methods to protect against Cross-Site Request Forgery (CSRF) attacks? (Choose two)
- Question #80: A web application you are testing uses HTTP instead of HTTPS for login pages. What should you recommend?
- Question #81: Which tools are effective for finding XSS vulnerabilities? (Choose two)
- Question #82: While spidering a web application, you notice an endpoint /debug/logs. How should you proceed?
- Question #83: Which tool is commonly used for automating brute-force attacks on web applications?
- Question #84: Which testing methods are supported by fuzzing tools? (Choose two)
- Question #85: Which of the following tools is commonly used to identify misconfigurations in web applications?
- Question #86: During reconnaissance, which HTTP response code indicates that the requested resource is not found?
- Question #87: Which tools are effective for discovering XSS vulnerabilities? (Choose two)
- Question #88: Which of the following is a common indicator of a credential stuffing attack?
- Question #89: What mechanism is commonly used to protect session IDs during transmission?
- Question #90: Which header is commonly used to prevent Cross-Site Request Forgery attacks?
- Question #91: Which HTTP header helps prevent browsers from loading a page in a frame to mitigate clickjacking attacks?
- Question #92: What information can be gathered using the WHOIS lookup service?
- Question #93: Which methods are commonly used to detect XSS vulnerabilities? (Choose two)
- Question #94: Which tools are commonly used for web application security testing? (Choose two)
- Question #95: Which of the following ensures session IDs are unique for each user?
- Question #96: A web application allows SQL injection attacks on its admin panel. What should you recommend to mitigate this issue?
- Question #97: Which actions help secure configuration settings in web applications? (Choose two)
- Question #98: Which vulnerability occurs when user input is returned in an HTTP response without proper encoding?
- Question #99: Which HTTP header is MOST effective at mitigating clickjacking attacks?
- Question #100: What is the primary goal of a Cross-Site Request Forgery (CSRF) attack?