Quiz

1/10
Salt is a cryptographically secure random string that is added to a password before it is hashed. In this context, what is the primary objective of salting?
Select the answer
1 correct answer
A. To defend against dictionary attacks or attacks against hashed passwords using a rainbow table.
B. To slow down the hash calculation process.
C. To generate a long password hash that is difficult to crack.
D. To add a secret message to the password hash.

2/10
Which of the following directives in a Content-Security-Policy HTTP response header can be used to prevent a Clickjacking attack?
Select the answer
1 correct answer
A. script-src
B. object-src
C. frame-ancestors
D. base-uri

3/10
The application is vulnerable to Cross-Site Scripting. Which of the following forms of exploitation is NOT possible at all?
Select the answer
1 correct answer
A. Steal the user's session identifier stored on a non-HttpOnly cookie
B. Steal the contents from the web page
C. Steal the contents from the application's database
D. Steal the contents from the user's keystrokes using keyloggers

4/10
Which of the following SSL/TLS protocols are considered to be insecure?
Select the answer
1 correct answer
A. SSLv2 and SSLv3
B. TLSv1.0 and TLSv1.1
C. Both A and B
D. SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3

5/10
In the context of the infamous log4j vulnerability (CVE-2021-44228), which vulnerability is exploited in the backend to achieve Remote Code Execution?
Select the answer
1 correct answer
A. JNDI Injection
B. JNDI Injection
C. JNDI Injection
D. None of the above

6/10
In the context of a CORS (Cross-Origin Resource Sharing) misconfiguration, which of the following statements is true?
Select the answer
1 correct answer
A. CORS is exploitable if the values of the HTTP headers are Access-Control-Allow-Origin: * and Access-Control-Allow-Credentials: true
B. CORS is exploitable if the values of the HTTP headers are Access-Control-Allow-Origin: * and Access-Control-Allow-Credentials: false
C. CORS is exploitable if the value of the HTTP header is Access-Control-Allow-Origin: * and the value of the Access-Control-Allow-Credentials header is irrelevant
D. All of the above

7/10
In the screenshot below, an attacker is attempting to exploit which vulnerability?
POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 12345
Connection: keep-alive
Content-Disposition: form-data; name="avatar"; filename="malicious.php"
Content-Type: image/jpeg
<?php
phpinfo();
?>
Select the answer
1 correct answer
A. HTTP Desync Attack
B. File Path Traversal Attack
C. File Upload Vulnerability
D. Server-Side Request Forgery

8/10
In the screenshot below, which of the following is incorrect?
Target: https://example.com
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 18:03:49 GMT
Server: Apache
Vary: Cookie
X-Powered-By: PHP/5.4.5-5
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Cookie: JSESSIONID=1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789; secure; HttpOnly; SameSite=None
Select the answer
1 correct answer
A. The application discloses the framework name and version
B. The application reveals user-agent details
C. A cookie is set with HttpOnly and a Secure flag
D. The application accepts insecure protocol

9/10
Which of the following is considered a safe password?
Select the answer
1 correct answer
A. Monday@123
B. abcdef
C. Sq0Jh819%ak
D. 1234567890

10/10
Which SQL function can be used to read the contents of a file during manual exploitation of the SQL injection vulnerability in a MySQL database?
Select the answer
1 correct answer
A. READ_FILE()
B. LOAD_FILE()
C. FETCH_FILE()
D. GET_FILE()

Info quiz:

  • Quiz name: CAP: The SecOps Group Certified AppSec Practitioner
  • Total number of questions: 60
  • Number of questions for the test: 50
  • Pass score: 80%
