최신The SecOps Group Certified AppSec Practitioner - CAP무료샘플문제
문제1
Which of the following SSL/TLS protocols are considered to be insecure?
Which of the following SSL/TLS protocols are considered to be insecure?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제2
A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
Which of the following is correct?
A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
Which of the following is correct?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제3
In the screenshot below, an attacker is attempting to exploit which vulnerability?
Request
POST /dashboard/userdata HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce167b5634ie646de967c759643d53031 Te: trailers Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 36 useragent=http://127.0.0.1/admin PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 12746 Connection: keep-alive X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Request-ID: 65403d71e8745d5e1fe205f44d531 Content-Length: 12746
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Admin Panel
</title>
In the screenshot below, an attacker is attempting to exploit which vulnerability?
Request
POST /dashboard/userdata HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce167b5634ie646de967c759643d53031 Te: trailers Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 36 useragent=http://127.0.0.1/admin PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 12746 Connection: keep-alive X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Request-ID: 65403d71e8745d5e1fe205f44d531 Content-Length: 12746
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Admin Panel
</title>
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제4
Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?
Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제5
An application's forget password functionality is described below:
The user enters their email address and receives a message on the web page:
"If the email exists, we will email you a link to reset the password"
The user also receives an email saying:
"Please use the link below to create a new password:"
http://example.com/reset_password?userId=5298
Which of the following is true?
An application's forget password functionality is described below:
The user enters their email address and receives a message on the web page:
"If the email exists, we will email you a link to reset the password"
The user also receives an email saying:
"Please use the link below to create a new password:"
http://example.com/reset_password?userId=5298
Which of the following is true?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제6
Which of the following is a common attack in the context of SAML security?
Which of the following is a common attack in the context of SAML security?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)