Latest The SecOps Group Certified AppSec Practitioner - CAP Free Sample Questions
Question 1
In the context of a Dependency Confusion Attack, which of the following files is analyzed for determining potential private packages?
Answer: C
Explanation: (visible to ExamPassdump members only)
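Added example (not part of the original sample questions): for an npm project the file a dependency-confusion scanner reads is package.json, and the follow-up check is whether every internal-looking dependency is pinned to a private registry in .npmrc, since an unpinned name is resolved from the public registry, where an attacker can publish it with a higher version. The package.json, the .npmrc and the `acme-` naming prefix below are constructed for illustration, not taken from any real project.

```python
import json
import re

# Constructed sample input (not from a real project): a package.json mixing
# public packages, scoped internal packages and unscoped internal-looking names.
PACKAGE_JSON = """
{
  "name": "order-service",
  "dependencies": {
    "express": "^4.18.2",
    "lodash": "^4.17.21",
    "@acme/auth-client": "1.4.0",
    "@partner/sdk": "3.1.0",
    "acme-billing-utils": "2.0.1",
    "@acme/logging": "0.9.3"
  },
  "devDependencies": {
    "jest": "^29.0.0",
    "acme-test-helpers": "1.0.0"
  }
}
"""

# Constructed .npmrc: only the @acme scope is routed to the private registry.
NPMRC = """
@acme:registry=https://npm.internal.acme.example/
//npm.internal.acme.example/:_authToken=${NPM_TOKEN}
"""

# Assumption for the demo: prefixes the organisation uses for internal packages.
INTERNAL_PREFIXES = ("acme-",)


def load_dependencies(package_json_text):
    """Collect every dependency name across the sections npm installs from."""
    data = json.loads(package_json_text)
    deps = {}
    for section in ("dependencies", "devDependencies",
                    "optionalDependencies", "peerDependencies"):
        deps.update(data.get(section, {}))
    return deps


def scoped_registries(npmrc_text):
    """Return {scope: registry_url} for every '@scope:registry=' line in .npmrc."""
    mapping = {}
    for line in npmrc_text.splitlines():
        m = re.match(r"\s*(@[^:\s]+):registry=(\S+)", line)
        if m:
            mapping[m.group(1)] = m.group(2)
    return mapping


def find_confusable(package_json_text, npmrc_text, internal_prefixes=INTERNAL_PREFIXES):
    """Names that look private but would be resolved from the public registry.

    A scoped package is safe only if its scope is pinned to a private registry;
    an unscoped internal-looking name is always resolvable from registry.npmjs.org.
    """
    deps = load_dependencies(package_json_text)
    scopes = scoped_registries(npmrc_text)
    findings = []
    for name in sorted(deps):
        if name.startswith("@"):
            scope = name.split("/", 1)[0]
            if scope not in scopes:
                findings.append((name, "scoped package, scope not pinned to a private registry"))
        elif name.startswith(internal_prefixes):
            findings.append((name, "unscoped internal-looking name, resolvable from the public registry"))
    return findings


if __name__ == "__main__":
    for name, reason in find_confusable(PACKAGE_JSON, NPMRC):
        print(f"{name}: {reason}")
```

The same idea applies to requirements.txt with pip's index-url / extra-index-url settings and to other manifests; the fix in each ecosystem is to make the private names unambiguous (scopes mapped to one registry, or the names reserved on the public registry) rather than to rely on the manifest alone.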
Question 2
Which is the most effective way of input validation to prevent Cross-Site Scripting attacks?
Answer: B
Explanation: (visible to ExamPassdump members only)
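Added example (not from the original page): a deny-list filter that strips `<script>` tags, beside an allow-list validator for the same field and contextual output encoding for the HTML context the value is rendered into. The username rule and the attack payloads are constructed for the demonstration; the point is that a deny list is bypassed by payloads it did not anticipate, while the allow list rejects anything that is not a valid username and the encoder neutralises whatever is left.

```python
import html
import re

# Deny-list approach: remove <script> tags and hope nothing else is dangerous.
SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def denylist_filter(value):
    return SCRIPT_TAG.sub("", value)


# Allow-list approach: define exactly what a valid value for this field looks
# like (assumption for the demo: a username is 1-32 chars of [A-Za-z0-9_.-]).
USERNAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(value):
    if not USERNAME.fullmatch(value):
        raise ValueError("invalid username")
    return value


def render_greeting(value):
    """Contextual output encoding for an HTML text node: done at render time,
    independently of whatever validation happened on input."""
    return "<p>Hello, " + html.escape(value, quote=True) + "</p>"


# Constructed attack payloads.
PAYLOADS = [
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",          # no <script> tag at all
    "<scr<script>ipt>alert(1)</script>",     # reassembles after one strip pass
]


def denylist_survivors(payloads=PAYLOADS):
    """Payloads that still carry an HTML tag after the deny-list filter."""
    return [p for p in payloads if "<" in denylist_filter(p)]


def allowlist_rejects(payloads=PAYLOADS):
    """Payloads the allow-list validator refuses."""
    rejected = []
    for p in payloads:
        try:
            validate_username(p)
        except ValueError:
            rejected.append(p)
    return rejected


if __name__ == "__main__":
    print("survive deny list:", denylist_survivors())
    print("rejected by allow list:", allowlist_rejects())
    print(render_greeting("<img src=x onerror=alert(1)>"))
```

Input validation with an allow list reduces the attack surface, but it is not a substitute for encoding on output: a free-text field such as a comment legitimately contains `<` and `&`, and only context-aware encoding keeps those characters from being interpreted as markup.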
Question 3
Multifactor authentication will NOT be able to prevent:
Answer: D
Explanation: (visible to ExamPassdump members only)
Question 4
Which of the following is NOT a Server-Side attack?
Answer: C
Explanation: (visible to ExamPassdump members only)
Question 5
After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and the sensitive information associated with that order_id. There are two proposed fixes:
(Bob's Fix): To fix this vulnerability, a developer called Bob devised a fix so that the URL does not disclose the numeric value of the order_id but instead carries a SHA1 hash of the order_id, such as:
https://example.com/?order_id=1ff0fe6f1599536d1326418124a261bc98b8ea1
Note that the SHA1 value of 53870 is 1ff0fe6f1599536d1326418124a261bc98b8ea1
(John's Fix): Another developer called John devised a different fix so that the URL does not disclose the numeric value of the order_id but instead carries a Base64-encoded value of the order_id, such as:
https://example.com/?order_id=NTM4NzA=
Note that the Base64-encoded value of 53870 is NTM4NzA=
Which of the following is correct?
Answer: C
Explanation: (visible to ExamPassdump members only)
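Added example (not from the original page) showing why neither fix addresses the vulnerability, which is a missing authorization check (an insecure direct object reference), not the visibility of the number. Base64 is an encoding and is reversed in one call; an unsalted, unkeyed SHA1 of a small integer is recovered by enumerating the order-id space. The order table, user names and the `max_id` bound are constructed for the demonstration. The digest printed in the question is 39 hex characters, one short of a full SHA1 digest, so the example computes the digest itself rather than reusing the value from the page.

```python
import base64
import hashlib

# Constructed order store for the demo: order_id -> owning user.
ORDERS = {53869: "alice", 53870: "bob", 53871: "carol"}


def bob_fix_token(order_id):
    """Bob's fix: hex SHA1 of the decimal order id."""
    return hashlib.sha1(str(order_id).encode()).hexdigest()


def john_fix_token(order_id):
    """John's fix: Base64 of the decimal order id."""
    return base64.b64encode(str(order_id).encode()).decode()


def break_john_fix(token):
    """Base64 is an encoding, not a secret: decoding recovers the id directly."""
    return int(base64.b64decode(token).decode())


def break_bob_fix(token, max_id=100_000):
    """The hash has no salt and no key, and the input space is tiny:
    hash every candidate id until one matches the token in the URL."""
    for candidate in range(max_id + 1):
        if bob_fix_token(candidate) == token:
            return candidate
    return None


def view_order(order_id, current_user):
    """The actual fix: tie the lookup to the authenticated user's session
    and refuse anything the user does not own. Whether the id in the URL is
    plain, hashed or encoded no longer matters."""
    owner = ORDERS.get(order_id)
    if owner is None or owner != current_user:
        raise PermissionError("order not found or not owned by current user")
    return {"order_id": order_id, "owner": owner}


def can_view(order_id, current_user):
    try:
        view_order(order_id, current_user)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("John's token for 53870:", john_fix_token(53870))
    print("decoded:", break_john_fix(john_fix_token(53870)))
    print("Bob's token for 53870:", bob_fix_token(53870))
    print("recovered by enumeration:", break_bob_fix(bob_fix_token(53870)))
    print("bob views 53870:", can_view(53870, "bob"))
    print("alice views 53870:", can_view(53870, "alice"))
```

Even an unguessable identifier (a random UUID stored alongside the order) only raises the cost of guessing; it is still not an access-control decision, and the ownership check in view_order is what has to be present regardless of how the id is represented.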
Question 6
In the context of the following JWT token, which of the following statements is true?
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJUYW1I1joiU2vjbB3ZiNo_mn0vNWT4G1-ATqOTmo7rm70VI12WCdkMI_S1_bPg_G8
Answer: B
Explanation: (visible to ExamPassdump members only)
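Added example (not from the original page): the first segment of the token above decodes to the header {"alg":"HS256","typ":"JWT"}, which says the token is signed with an HMAC-SHA256 over the header and payload using a shared secret; the remaining segments on this page are line-wrapped and cannot be decoded reliably, so the example signs its own token with a constructed secret and verifies it. It shows the two checks a verifier must make before trusting any claim: the algorithm is the one the server expects (the token is not allowed to choose, which is what makes alg=none attacks work against careless libraries), and the HMAC matches. The secret and the claims are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json

# First segment of the token in the question (the part that survived intact).
HEADER_FROM_PAGE = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"

# Assumption for the demo: the server-side HMAC key. Never appears in a token.
SECRET = b"constructed-demo-secret"


def b64url_decode(segment):
    segment += "=" * (-len(segment) % 4)   # JWT strips the padding; restore it
    return base64.urlsafe_b64decode(segment)


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_header(token_or_segment):
    """Parse the header WITHOUT verification. Safe only for reading alg/typ;
    nothing read this way may be trusted for authorization."""
    return json.loads(b64url_decode(token_or_segment.split(".")[0]))


def sign_hs256(claims, secret):
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256(token, secret):
    """Return the claims only if alg is exactly HS256 and the HMAC matches."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":       # the verifier fixes the algorithm, not the token
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def tampered_token(token, new_claims):
    """Attacker keeps the original signature but swaps the payload."""
    header_b64, _, sig_b64 = token.split(".")
    payload_b64 = b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{sig_b64}"


def none_alg_token(claims):
    """Attacker sets alg=none and sends an empty signature."""
    header_b64 = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}."


if __name__ == "__main__":
    print("header from the question:", decode_header(HEADER_FROM_PAGE))
    token = sign_hs256({"sub": "alice", "role": "user"}, SECRET)
    print("valid token verifies:", verify_hs256(token, SECRET))
    print("payload swap:", verify_hs256(tampered_token(token, {"sub": "alice", "role": "admin"}), SECRET))
    print("alg=none:", verify_hs256(none_alg_token({"sub": "alice", "role": "admin"}), SECRET))
```

Because HS256 uses a shared secret, anyone who can verify a token can also mint one; if several services verify the same tokens, an asymmetric algorithm (RS256/ES256) keeps the signing key on the issuer alone, with the verifier still pinning the expected algorithm exactly as above.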