Pass The SecOps Group AppSec Practitioner (CAP) Questions and Answers with CertsForce

Question #1:

Which of the following is correct?

Options:

A. The browser contains the private key of all known Certifying Authorities (CA) and, based on that, it differentiates between a valid and an invalid TLS certificate.

B. The browser contains the public key of all known Certifying Authorities (CA) and, based on that, it is able to differentiate between a valid and an invalid TLS certificate.

C. The browser contains both the public and private key of all known Certifying Authorities (CA) and, based on that, it is able to differentiate between a valid and an invalid TLS certificate.

D. The browser does not have any mechanism to validate the TLS certificate.


Question #2:

In the screenshot below, an attacker is attempting to exploit which vulnerability?

Request:

POST /dashboard/userdata HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: JSESSIONID=7576572ce167b5634ie646de967c759643d53031
Te: trailers
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 36

useragent=http://127.0.0.1/admin

Response:

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 11:42:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12746
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-ID: 65403d71e8745d5e1fe205f44d531
Content-Length: 12746

<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Admin Panel
</title>

Options:

A. HTTP Desync Attack

B. File Path Traversal Attack

C. Open URL Redirection

D. Server-Side Request Forgery


Question #3:

In the context of the Race Condition vulnerability, which of the following statements is true?

Options:

A. A situation that occurs when two threads access the same resource at the same time.

B. A situation that occurs when two threads access different resources at the same time.

C. A situation that occurs when a single thread unpredictably accesses two resources.

D. A situation that occurs when a single thread predictably accesses two resources.


Question #4:

Which of the following directives in a Content-Security-Policy HTTP response header can be used to prevent a Clickjacking attack?

Options:

A. script-src

B. object-src

C. frame-ancestors

D. base-uri

