The CIW Web Security Associate Ultimate Exam is designed to strengthen cybersecurity awareness and web security fundamentals for IT professionals and students. The exam covers internet security threats, encryption methods, authentication systems, network protection, malware prevention, and secure online communication practices. Candidates gain practical knowledge needed to recognize vulnerabilities and apply essential security measures in digital environments.
Typology: Exams
Question 1. Which CIA-Triad element primarily protects data from being read by unauthorized individuals?
A) Integrity
B) Confidentiality
C) Availability
D) Non-repudiation
Answer: B
Explanation: Confidentiality ensures that only authorized users can view the information.

Question 2. What term describes data that is stored on a hard drive, USB stick, or backup tape?
A) Data in transit
B) Data at rest
C) Data in use
D) Data at risk
Answer: B
Explanation: “Data at rest” refers to information that is stored and not actively moving across a network.

Question 3. Which of the following statements best reflects the “Myth of 100% Security”?
A) Implementing a firewall eliminates all threats.
B) No system can be made completely secure; residual risk always remains.
C) Antivirus software guarantees zero infections.
D) Encryption removes the need for access controls.
Answer: B
Explanation: Absolute security is unattainable; organizations must manage residual risk.
Question 4. An effective security matrix should include which of the following attributes?
A) Only technical controls
B) Clear responsibilities, measurable metrics, and review cycles
C) Unlimited user privileges
D) No documentation to avoid leaks
Answer: B
Explanation: A good matrix defines roles, metrics, and periodic reviews to ensure accountability.

Question 5. When balancing security, usability, and cost, which approach is most realistic?
A) Maximize security regardless of cost.
B) Prioritize usability over all security controls.
C) Find an optimal trade-off that meets business objectives.
D) Eliminate all security to reduce cost.
Answer: C
Explanation: Organizations aim for a balanced solution that satisfies risk tolerance and budget.

Question 6. Which threat source is considered internal?
A) Hacktivist group on the internet
B) Disgruntled employee with legitimate credentials
C) Nation-state actor launching DDoS attacks
D) Automated botnet scanning ports
Answer: B
Explanation: Internal threats originate from people inside the organization, such as employees.

Question 7. Risk transfer is best achieved by which of the following?
B) Data Link
C) Session
D) Presentation
Answer: B
Explanation: MAC addresses operate at the Data Link layer, making it the target for spoofing.

Question 11. Which TCP/IP service commonly uses port 25 and is a frequent target for spam relaying?
A) HTTP
B) SMTP
C) DNS
D) FTP
Answer: B
Explanation: SMTP (Simple Mail Transfer Protocol) uses port 25 and is often abused for sending spam.

Question 12. Which protocol provides encrypted web traffic by default?
A) HTTP
B) FTP
C) HTTPS
D) Telnet
Answer: C
Explanation: HTTPS (HTTP Secure) uses TLS/SSL to encrypt communication.

Question 13. An attacker scanning a network for open ports is performing which activity?
A) Exploitation
B) Reconnaissance
C) Post-exploitation
D) Cleanup
Answer: B
Explanation: Scanning is a reconnaissance technique to gather information about targets.

Question 14. Which physical security control helps prevent unauthorized access to a server rack?
A) BIOS password
B) Biometric lock on the data-center door
C) Host-based firewall
D) VPN tunnel
Answer: B
Explanation: Biometric locks are physical controls that restrict entry to secure areas.

Question 15. OS hardening typically includes which of the following actions?
A) Disabling unnecessary services
B) Installing additional games for staff
C) Enabling guest accounts by default
D) Removing all user passwords
Answer: A
Explanation: Hardening removes or disables services that are not required, reducing attack surface.

Question 16. Which virtualization security practice mitigates “hypervisor escape” risks?
A) Running VMs with administrative privileges
B) Regularly updating the hypervisor firmware
C) Sharing the same virtual network for all VMs
D) Disabling CPU virtualization extensions
Answer: B
Question 20. PGP primarily provides which two security services?
A) Authentication and firewalling
B) Confidentiality and integrity through encryption and signing
C) Network segmentation and intrusion detection
D) Anti-virus scanning and sandboxing
Answer: B
Explanation: PGP encrypts data for confidentiality and uses digital signatures for integrity and authentication.

Question 21. IPSec operates at which layer of the TCP/IP model?
A) Application
B) Transport
C) Network
D) Data Link
Answer: C
Explanation: IPSec secures IP packets, thus functioning at the Network layer.

Question 22. Which factor most directly affects system performance when enabling full-disk encryption?
A) Increased network latency
B) CPU overhead for encryption/decryption
C) Larger hard-drive capacity
D) Higher screen resolution
Answer: B
Explanation: Encryption requires CPU cycles to encrypt/decrypt data on the fly, impacting performance.

Question 23. Which MFA factor is considered “something you are”?
A) Password
B) Smart card
C) Fingerprint
D) One-time code sent via SMS
Answer: C
Explanation: Biometrics (e.g., fingerprint) represent “something you are”.

Question 24. An Access Control List (ACL) applied to a router interface primarily controls which of the following?
A) User login passwords
B) Traffic flow based on IP addresses and ports
C) Physical access to the equipment rack
D) Encryption keys for VPNs
Answer: B
Explanation: ACLs filter packets by source/destination IP, protocol, and port numbers.

Question 25. Which log type is most useful for detecting unauthorized file modifications?
A) DNS query logs
B) File integrity monitoring (FIM) logs
C) DHCP lease logs
D) VPN connection logs
Answer: B
Explanation: FIM logs track changes to files and alert on unexpected modifications.

Question 26. A Trojan horse differs from a virus primarily because it:
A) Replicates without user interaction.
B) Requires a host program to execute but does not self-replicate.
Answer: B
Explanation: Distributed Denial-of-Service uses many sources to flood a target.

Question 30. In a Man-in-the-Middle (MitM) attack, the adversary typically:
A) Sends phishing emails.
B) Inserts themselves between two communicating parties to eavesdrop or alter traffic.
C) Scans for open ports.
D) Executes a buffer overflow on a server.
Answer: B
Explanation: MitM involves intercepting and possibly modifying communications.

Question 31. Which tool is commonly used for network fingerprinting?
A) Wireshark
B) Nmap
C) Metasploit
D) John the Ripper
Answer: B
Explanation: Nmap can perform OS detection and service fingerprinting.

Question 32. An SQL injection vulnerability allows an attacker to:
A) Execute arbitrary commands on the client’s browser.
B) Modify or retrieve data from the database by injecting malicious SQL.
C) Overwrite the server’s firmware.
D) Bypass SSL/TLS encryption.
Answer: B
Explanation: Injected SQL statements are executed by the database, compromising data.
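To make Question 32 concrete, here is an added example (not part of the exam) that runs the same lookup two ways against a constructed in-memory SQLite table: once with the user's input pasted into the SQL text, and once with a bound parameter, so the difference in what the database executes is visible in the returned rows.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demo; not taken from the exam page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_vulnerable(conn, username):
    # Untrusted input becomes part of the statement text, so the database
    # executes whatever the input contains: the flaw Question 32 describes.
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    # The value travels separately from the statement; quotes and keywords
    # inside it are treated as data, never as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def demo():
    conn = make_db()
    normal = "bob"
    # Textbook tautology input: closes the string and adds an always-true clause.
    hostile = "' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # every row comes back
        "safe_normal": lookup_parameterized(conn, normal),
        "safe_hostile": lookup_parameterized(conn, hostile),  # no such username: no rows
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```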
Question 33. Cross-site scripting (XSS) primarily exploits which weakness?
A) Server-side input validation failures that allow script injection into web pages.
B) Weak encryption keys.
C) Unpatched operating systems.
D) Misconfigured firewalls.
Answer: A
Explanation: XSS arises when user-supplied data is reflected without proper sanitization.

Question 34. Phishing attacks most often attempt to obtain:
A) System firmware updates.
B) User credentials via deceptive emails or websites.
C) Physical access cards.
D) Network topology maps.
Answer: B
Explanation: Phishing tricks users into revealing login details.

Question 35. Pharming differs from phishing in that it:
A) Relies on malicious email attachments.
B) Manipulates DNS or hosts files to redirect users to fraudulent sites without their knowledge.
C) Uses social media messages.
D) Requires a USB drive.
Answer: B
Explanation: Pharming compromises name resolution to silently redirect traffic.

Question 36. Which password-cracking technique relies on pre-computed hash tables?
A) Brute-force attack

D) Operate only on IPv6.
Answer: B
Explanation: Stateful firewalls maintain connection tables to understand traffic context.

Question 40. A circuit-level gateway primarily controls:
A) Application-level commands.
B) Network-level sessions, ensuring that TCP handshakes are valid.
C) DNS query content.
D) Email attachments.
Answer: B
Explanation: Circuit-level gateways validate session establishment without inspecting payload.

Question 41. An application-level gateway (proxy) provides which advantage?
A) Direct packet forwarding with no inspection.
B) Full content filtering and protocol-specific security.
C) Only works for FTP traffic.
D) Eliminates the need for encryption.
Answer: B
Explanation: Proxies terminate client connections, inspect content, and enforce policy.

Question 42. The default rule set for most firewalls follows which principle?
A) Allow all traffic unless explicitly denied.
B) Deny all traffic unless explicitly allowed.
C) Randomly allow or deny traffic.
D) Permit only outbound traffic.
Answer: B
Explanation: “Default-deny” is a best practice, reducing exposure.

Question 43. A bastion host is best described as:
A) A low-risk internal server.
B) A hardened system placed in a DMZ to expose services to the Internet.
C) A backup storage device.
D) A VPN concentrator inside the LAN.
Answer: B
Explanation: Bastion hosts are heavily secured and serve as the only exposed point.

Question 44. The primary purpose of a DMZ (Demilitarized Zone) is to:
A) Store backup tapes.
B) Separate external-facing services from the internal network.
C) Host internal employee workstations.
D) Encrypt internal traffic.
Answer: B
Explanation: DMZ isolates public services, limiting direct access to the internal LAN.

Question 45. URL filtering in a firewall primarily protects against:
A) Unauthorized Wi-Fi connections.
B) Access to malicious or inappropriate web resources.
C) Data loss from hard-drive failure.
D) Physical theft of servers.
Answer: B
Explanation: URL filters block or allow web addresses based on policy.

Question 46. Honeypots are deployed to:
A) Accelerate network throughput.
D) All network packets are encrypted.
Answer: B
Explanation: DoS floods the target, causing service unavailability for legitimate users.

Question 50. A vulnerability scanner differs from a penetration test in that it:
A) Exploits vulnerabilities to gain access.
B) Only identifies potential weaknesses without actively exploiting them.
C) Requires manual coding of exploits.
D) Guarantees remediation of all findings.
Answer: B
Explanation: Scanners report issues; penetration tests attempt to exploit them to assess impact.

Question 51. Which protocol is most often used by attackers to perform a DNS amplification DDoS?
A) TCP
B) UDP
C) ICMP
D) SMTP
Answer: B
Explanation: DNS amplification exploits UDP’s connectionless nature and large response sizes.

Question 52. A “zero-day” vulnerability refers to:
A) A flaw that has been publicly disclosed for over a year.
B) An unknown or unpatched vulnerability that is actively exploited.
C) A vulnerability that only affects zero-day operating systems.
D) A bug that only appears on the first day of the month.
Answer: B
Explanation: Zero-day attacks target flaws that have no available patches.

Question 53. Which of the following best describes a “sandbox” in security testing?
A) A physical box for storing backup tapes.
B) An isolated environment where potentially malicious code can be executed safely.
C) A type of firewall rule.
D) A password-reset utility.
Answer: B
Explanation: Sandboxes prevent malware from affecting production systems.

Question 54. The principle of “least privilege” dictates that users should be granted:
A) All possible permissions to avoid access issues.
B) Only the permissions necessary to perform their job functions.
C) Administrator rights by default.
D) No access to any system.
Answer: B
Explanation: Limiting privileges reduces the impact of compromised accounts.

Question 55. Which log entry would most likely indicate a successful brute-force attack on a web application?
A) Repeated 401 Unauthorized responses from the same IP address.
B) A single successful login from a new user.
C) An SSL handshake failure.
D) A DNS query for an internal host.
Answer: A
Explanation: Numerous failed login attempts followed by a 401 status suggest brute-force attempts.
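The pattern in Question 55 is easy to check mechanically. The following added example (not part of the exam) runs a small detector over constructed Common Log Format lines: it counts 401 responses on the login path per source IP and, going one step beyond the question, records whether a 200 followed the run of failures, which is the stronger sign that the guessing succeeded. The threshold of five failures and the `/login` path are assumptions for the demo.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2024:13:55:03 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2024:13:55:04 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2024:13:55:05 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2024:13:55:06 +0000] "POST /login HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2024:13:56:10 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.4 - - [10/Oct/2024:13:56:40 +0000] "POST /login HTTP/1.1" 200 2048
192.0.2.9 - - [10/Oct/2024:13:57:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# Common Log Format: ip ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \d+')

def parse(log_text):
    """Yield (ip, request, status) for each well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("req"), int(m.group("status"))

def find_bruteforce(log_text, threshold=5, login_path="/login"):
    """Return IPs with at least `threshold` 401s on the login path, and whether
    a 200 on that path arrived after the failures crossed the threshold."""
    failures = defaultdict(int)
    success_after = defaultdict(bool)
    for ip, req, status in parse(log_text):
        if login_path not in req:
            continue
        if status == 401:
            failures[ip] += 1
        elif status == 200 and failures[ip] >= threshold:
            success_after[ip] = True  # many failures then a success: the worrying case
    return {ip: {"failures": n, "success_after": success_after[ip]}
            for ip, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A single failure from 198.51.100.4 followed by a success is a user mistyping a password and stays below the threshold, which is why the detector keys on the count per IP rather than on any one 401.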
Question 59. A “man-in-the-browser” (MitB) attack primarily targets which component?
A) Network routers.
B) The user’s web browser, injecting malicious code into legitimate sessions.
C) DNS servers.
D) Email servers.
Answer: B
Explanation: MitB modifies web pages within the victim’s browser to steal data.

Question 60. Which of the following best describes a “shadow IT” risk?
A) Officially approved software used by the IT department.
B) Unauthorized hardware or software used by employees, bypassing security controls.
C) A backup system located off-site.
D) An outdated firewall rule set.
Answer: B
Explanation: Shadow IT introduces unknown assets that may lack proper security.

Question 61. The “confused deputy” problem occurs when:
A) An application unintentionally uses its privileges to perform actions on behalf of a less-privileged user.
B) A user forgets their password.
C) A firewall blocks legitimate traffic.
D) A VPN tunnel drops packets.
Answer: A
Explanation: The deputy (service) is tricked into misusing its authority, leading to privilege escalation.

Question 62. Which of the following is a primary advantage of using SAML for single sign-on (SSO)?
A) It requires no encryption.
B) It transfers authentication assertions securely between identity providers and service providers.
C) It stores passwords in plaintext.
D) It only works with Windows operating systems.
Answer: B
Explanation: SAML enables federated authentication by passing signed assertions.

Question 63. In a secure software development lifecycle (SDLC), which phase includes threat modeling?
A) Deployment
B) Requirements gathering
C) Maintenance
D) Testing
Answer: B
Explanation: Threat modeling is performed early to identify risks during requirements analysis.

Question 64. Which of the following is a characteristic of a “white-list” firewall rule set?
A) All traffic is blocked except that which is explicitly permitted.
B) All traffic is permitted except that which is explicitly denied.
C) Rules are applied randomly.
D) It only filters outbound traffic.
Answer: A
Explanation: Whitelisting allows only known good traffic, denying everything else.