최신 CAP 무료덤프 - The SecOps Group Certified AppSec Practitioner

문제1

Based on the below HTTP request, which of the following statements is correct?
POST /changepassword HTTP/2
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50 Content-Length: 95 new_password=usher!@22&confirm_password=usher!@22

A. All of the above

B. The change password feature is vulnerable to Cross-Site Request Forgery attack

C. The change password feature uses basic authorization

D. The change password feature does not validate the user

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제2

An application's forget password functionality is described below:
The user enters their email address and receives a message on the web page:
"If the email exists, we will email you a link to reset the password"
The user also receives an email saying:
"Please use the link below to create a new password:"
http://example.com/reset_password?userId=5298
Which of the following is true?

A. The application is vulnerable to username enumeration

B. Both A and C

C. The application will allow the user to reset an arbitrary user's password

D. The reset link uses an insecure channel

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Which is the most effective way of input validation to prevent Cross-Site Scripting attacks?

A. Blacklisting HTML and other harmful characters

B. Marking Cookie as HttpOnly

C. Using a Web Application Firewall (WAF)

D. Whitelisting and allowing only trusted input

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Multifactor authentication will NOT be able to prevent:

A. Cross-Site Request Forgery Vulnerability

B. Cross-Site Scripting Vulnerability

C. All of the above

D. Path Traversal Vulnerability

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

Which of the following hashing algorithms is considered to be the most secure amongst these?

A. Bcrypt

B. SHA-1

C. MD5

D. SHA-0

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

In the context of the CORS (Cross-origin resource sharing) misconfiguration, which of the following statements is true?

A. CORS is exploitable if the value of the HTTP headers are Access-Control-Allow-Origin: * and Access- Control-Allow-Credentials: false

B. All of the above

C. CORS is exploitable if the value of the HTTP headers are Access-Control-Allow-Origin: * and Access- Control-Allow-Credentials: true

D. CORS is exploitable if the value of the HTTP headers is Access-Control-Allow-Origin: * and the value of the Access-Control-Allow-Credentials header is irrelevant

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 CAP 무료덤프 - The SecOps Group Certified AppSec Practitioner

우리와 연락하기

유용한 링크

최신 업데이트