최신 CAP 무료덤프 - The SecOps Group Certified AppSec Practitioner

문제1

A robots.txt file tells the search engine crawlers about the URLs which the crawler can access on your site.
Which of the following is true about robots.txt?

A. Developers must not list any sensitive files and directories in this file

B. Developers must list all sensitive files and directories in this file to secure them

C. None of the above

D. Both A and B

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제2

After purchasing an item on an e-commerce website, a user can view his order details by visiting the URL:
https://example.com/order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id.
Which of the following is correct?

A. The root cause of the problem is a weak authorization (Session Management) and by validating a user's privileges, the issue can be fixed

B. The root cause of the problem is a lack of input validation and by implementing a strong whitelisting, the problem can be solved

C. The problem can be solved by implementing a Web Application Firewall (WAF)

D. None of the above

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제3

The following request is vulnerable to Cross-Site Request Forgery vulnerability.
POST /changepassword HTTP/2Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0) Gecko/20100101 Firefox/107.0 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec- Fetch-Site: same-origin Cookie: JSESSIONID=38RC5ECV10785B53AF19816E92E2E50 Content-Length: 95 new_password=lov3MyPiano23&confirm_password=lov3MyPiano23

A. True

B. False

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제4

What is the full form of SAML?

A. Security Assertion Management Language

B. Secure Authentication Markup Language

C. Security Assertion Markup Language

D. Security Authorization Markup Language

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id. This attack is known as:

A. Insecure Direct Object Reference

B. Session Riding OR Cross-Site Request Forgery

C. Session Poisoning

D. Server-Side Request Forgery

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which of the following is NOT a Server-Side attack?

A. Cross-Site Request Forgery

B. SQL Injection

C. OS Code Injection

D. Directory Traversal Attack

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

최신 CAP 무료덤프 - The SecOps Group Certified AppSec Practitioner

우리와 연락하기

유용한 링크

최신 업데이트