CAP無料問題集「The SecOps Group Certified AppSec Practitioner」

質問 1

Determine the primary defense against a SQL injection vulnerability

（A）Using a Web Application Firewall (WAF)

（B）Prepared Statements with Parameterized Queries

（C）Use of NoSQL Database

（D）Blacklisting Single Quote Character (')

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

You found the xmrpc.php endpoint while performing a security assessment on a web application. The target application is most likely using which of the following Content Management Systems (CMS)?

（A）Both A and B

（B）None of the above

（C）WordPress

（D）Drupal

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

The application is vulnerable to Cross-Site Scripting. Which of the following exploitation is NOT possible at all?

（A）Steal the contents from the web page

（B）Steal the contents from the application's database

（C）Steal the user's session identifier stored on a non HttpOnly cookie

（D）Steal the contents from the user's keystrokes using keyloggers

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Based on the screenshot below, which of the following statements is true?
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 359987
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Fri, 02 Dec 2022 18:33:05 GMT
Expires: Fri, 09 Dec 2022 18:33:05 GMT
Last-Modified: Mon, 28 Nov 2022 14:33:18 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Content-Length: 1256

（A）The application is disclosing the server version

（B）The application is disclosing the version of the framework used

（C）All of the above

（D）The application is using an outdated server technology

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

In the context of the following JWT token, which of the following statements is true?
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ey
JUYW1I1joiU2vjbB3ZiNo_mn0vNWT4G1-
ATqOTmo7rm70VI12WCdkMI_S1_bPg_G8

（A）The highlighted segment of the token represents a JWT Payload.

（B）None of the above.

（C）The highlighted segment of the token represents a JWT Header.

（D）Both A and B are correct.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Your application is hosting JavaScript from a third-party website as shown in the snippet below.
<script src="https://[//cdn.thirdparty-example.com/](example.js)" integrity="sha384-Fmb0CYeA6gM2uLuyvqs7x75u0mktDh2nKLomp3PHkJ0b5vJF2qF6Gbrc/6dK" crossorigin="anonymous"></script> Which of the following is true regarding the code snippet?

（A）The code snippet will perform validations for Cross-Site Scripting attacks

（B）The code snippet will perform Subresource Integrity (SRI) checks

（C）The code snippet will perform validations for Outdated Javascript checks

（D）The code snippet will perform validations for Cross-Site Request Forgery attacks

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CAP 無料問題集「The SecOps Group Certified AppSec Practitioner」

弊社を連絡する

関連リンク

トップ試験