최신 CAP 무료덤프 - The SecOps Group Certified AppSec Practitioner

문제1

Which of the following is NOT a symmetric key encryption algorithm?

A. RC4

B. AES

C. DES

D. RSA

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

An application's forget password functionality is described below:
The user enters their email address and receives a message on the web page:
"If the email exists, we will email you a link to reset the password"
The user also receives an email saying:
"Please use the link below to create a new password:"
(Note that the developer has included a one-time random token with the 'userId' parameter in the link). So, the link seems like:
https://example.com/reset_password?userId=5298&token=70e7803e-bf53-45e1-8a3f-fb15da7de3a0 Will this mechanism prevent an attacker from resetting arbitrary users' passwords?

A. True

B. False

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제3

While performing a security audit of a web application, you discovered an exposed docker-compose.yml file.
What is the significance of this file and what data can be found in it?

A. The docker-compose.yml file is a YAML file that contains the configuration of load balancers and firewalls.

B. The docker-compose.yml file is a YAML file that is used to define the services, networks, and volumes required for a Docker application. It specifies the configuration and dependencies for all containers in the application, including their network settings and container volumes.

C. The docker-compose.yml file is a YAML file that contains the application source code.

D. The docker-compose.yml file is a YAML file that contains the server logs and user session information including but not limited to admin users.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

In the context of the Race Condition vulnerability, which of the following statements is true?

A. A situation that occurs when two threads access different resources at the same time.

B. A situation that occurs when a single thread predictably accesses two resources.

C. A situation that occurs when two threads access the same resource at the same time.

D. A situation that occurs when a single thread unpredictably accesses two resources.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

Based on the screenshot above, which of the following is the most true?
Screenshot
![Login Form]
coder@viewer
User does not exist
[Password field]
Forget password?
[Login button]
Not yet member? Sign now

A. The application is vulnerable to username enumeration

B. The application is vulnerable to brute-force attacks

C. None of the above

D. The application does not enforce a strong password policy

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

In the screenshot below, an attacker is attempting to exploit which vulnerability?
Request
POST /dashboard/userdata HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce167b5634ie646de967c759643d53031 Te: trailers Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 36 useragent=http://127.0.0.1/admin PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 12746 Connection: keep-alive X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Request-ID: 65403d71e8745d5e1fe205f44d531 Content-Length: 12746
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Admin Panel
</title>

A. Open URL Redirection

B. HTTP Desync Attack

C. File Path Traversal Attack

D. Server-Side Request Forgery

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

최신 CAP 무료덤프 - The SecOps Group Certified AppSec Practitioner

우리와 연락하기

유용한 링크

최신 업데이트