CIW Web Security Associate (1D0671) Exam, Exams of Technology

Exam on web-based security principles, encryption, authentication, threats, and countermeasures. Includes firewalls, intrusion detection, and secure coding.

Typology: Exams

2024/2025

Available from 08/31/2025

BookVenture

CIW Web Security Associate (1D0671)
Exam
Question 1. Which principle of the CIA triad ensures that sensitive
information is only accessible to authorized users?
A) Confidentiality
B) Integrity
C) Availability
D) Accountability
Answer: A
Explanation: Confidentiality is about restricting access to information so
only authorized users can view it.
Question 2. What type of malware disguises itself as legitimate software
to trick users into installing it?
A) Virus

B) Worm
C) Trojan
D) Rootkit
Answer: C
Explanation: Trojans appear to be benign software but contain malicious code.
Question 3. Which best defines a vulnerability in a security context?
A) A malicious actor
B) A system weakness
C) An attempted attack
D) A firewall rule
Question 5. Which of the following is NOT part of the CIA triad?
A) Confidentiality
B) Availability
C) Accountability
D) Integrity
Answer: C
Explanation: Accountability is important, but not one of the three core CIA triad principles.
Question 6. What is the purpose of a disaster recovery plan?
A) To prevent network attacks
B) To restore operations after a security incident
C) To enforce strong passwords
D) To encrypt sensitive information
Answer: B
Explanation: Disaster recovery plans help organizations resume normal operations after disruptions.
Question 7. Which of the following is an example of physical security?
A) Installing antivirus software
B) Using biometrics at the data center entrance
C) Encrypting files
D) Implementing firewalls
Answer: B
Question 9. Which device inspects network traffic and blocks or permits it based on a set of rules?
A) Switch
B) Firewall
C) Router
D) Load balancer
Answer: B
Explanation: Firewalls filter traffic according to security rules.
Question 10. In TCP/IP, what is the primary function of the IP protocol?
A) Encrypt data
B) Route packets
C) Manage user sessions
D) Check for malware
Answer: B
Explanation: IP is responsible for addressing and routing packets across the network.
Question 11. What is the primary risk of unvalidated user input in web applications?
A) Data redundancy
B) SQL injection and XSS attacks
C) Increased bandwidth usage
D) Poor user experience
Answer: B
Question 13. Which attack involves intercepting and potentially altering communications between two parties?
A) Denial-of-Service
B) Man-in-the-Middle
C) Phishing
D) Spoofing
Answer: B
Explanation: Man-in-the-Middle attacks intercept and may manipulate data between parties.
Question 14. What is the principle of least privilege?
A) Allowing all users admin access
B) Restricting users to only the permissions they need
C) Granting maximum access for convenience
D) Disabling user accounts
Answer: B
Explanation: Least privilege means users get only the access required for their tasks.
Question 15. Which protocol is commonly used to secure web traffic?
A) HTTP
B) FTP
C) HTTPS
D) POP
Answer: C
A) Malicious code that attaches to files
B) Malware that spreads itself over networks
C) Unauthorized access tool
D) Hardware failure
Answer: B
Explanation: Worms are self-replicating malware that spread over networks.
Question 18. Which part of the CIA triad is compromised when data is altered without authorization?
A) Confidentiality
B) Integrity
C) Availability
D) Reliability
Answer: B
Explanation: Integrity ensures data is accurate and unaltered by unauthorized parties.
Question 19. What is the main difference between IDS and IPS?
A) IDS blocks traffic, IPS only detects
B) IDS detects, IPS detects and blocks
C) IDS encrypts traffic, IPS decrypts
D) IDS only for physical security
Answer: B
Explanation: IDS detects threats, while IPS can detect and actively block them.
B) Discovering devices and topology of a network
C) Creating backup schedules
D) Setting up VPNs
Answer: B
Explanation: Network mapping identifies devices and their connections within a network.
Question 22. What is the primary function of port scanning tools for attackers?
A) To encrypt data
B) To find open ports and potential vulnerabilities
C) To backup data
D) To create firewalls
Answer: B
Explanation: Attackers use port scanners to detect open ports that may be exploited.
Question 23. Which is an example of multi-factor authentication?
A) Password only
B) Password and security question
C) Password and fingerprint scan
D) Username only
Answer: C
Explanation: Multi-factor authentication requires at least two different types of credentials, such as something you know and something you are.
B) Implementing secure cookies and session timeouts
C) Disabling firewalls
D) Allowing unlimited session duration
Answer: B
Explanation: Secure cookies and session timeouts help mitigate session hijacking risks.
Question 26. What is the purpose of a DMZ (Demilitarized Zone) in network security?
A) To isolate sensitive internal networks from external access
B) To store encrypted files
C) To monitor user activity
D) To speed up traffic
Answer: A
Explanation: A DMZ separates public-facing servers from the internal network, adding a security layer.
Question 27. What does SSL/TLS provide for web applications?
A) Data compression
B) Data encryption and secure communication
C) Data redundancy
D) Data backup
Answer: B
Explanation: SSL/TLS encrypts data sent between web servers and clients.