Latest CAP Free Dumps - The SecOps Group Certified AppSec Practitioner
Based on the below HTTP request, which of the following statements is correct?
POST /changepassword HTTP/2
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50
Content-Length: 95

new_password=usher!@22&confirm_password=usher!@22
Answer: B
An application's forget password functionality is described below:
The user enters their email address and receives a message on the web page:
"If the email exists, we will email you a link to reset the password"
The user also receives an email saying:
"Please use the link below to create a new password:"
(Note that the developer has included a one-time random token with the 'userId' parameter in the link). So the link looks like:
https://example.com/reset_password?userId=5298&token=70e7803e-bf53-45e1-8a3f-fb15da7de3a0
Will this mechanism prevent an attacker from resetting arbitrary users' passwords?
Answer: A
In the context of the CORS (Cross-origin resource sharing) misconfiguration, which of the following statements is true?
Answer: C
Based on the screenshot below, which of the following statements is true?
Request
GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: JSESSIONID=7576572ce164646de967c759643d53031
Te: trailers
Connection: keep-alive

Response
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 11:42:27 GMT
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25
X-Powered-By: PHP/8.0.25
Content-Length: 12746
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Example Domain</title>
</head>
<body style="background-color:#f0f0f2; margin:0; padding:0; font-family: -apple-system, system-ui, BlinkMacSystemFont, 'Segoe UI', 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;">
<p style="...">...</p>
</body>
</html>
Answer: B
Under the same-origin policy (SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as the URL below?
http://www.example.com/dir/page2.html
* http://www.example.com/dir/other.html
* http://www.example.com:81/dir/other.html
* http://www.example.com/dir/other.html
* http://en.example.com/dir/other.html
Answer: A
Which of the following is NOT an asymmetric key encryption algorithm?
Answer: A