The SecOps Group Certified AppSec Practitioner - CAP Exam Questions
QUESTION NO: 1
Multifactor authentication will NOT be able to prevent:
Multifactor authentication will NOT be able to prevent:
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 2
After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id. This attack is known as:
After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id. This attack is known as:
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 3
Which of the following attributes is NOT used to secure the cookie?
Which of the following attributes is NOT used to secure the cookie?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 4
Based on the screenshot below, which of the following statements is true?
Request
GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce164646de967c759643d53031 Te: trailers Connection: keep-alive PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 12746 Content-Type: text/html; charset=UTF-8 Connection: keep-alive Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Example Domain</title>
</head>
<body style="background-color:#f0f0f2; margin:0; padding:0; font-family: -apple-system, system-ui, BlinkMacSystemFont, 'Segoe UI', 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;">
<p style="...">...</p>
</body>
</html>
Based on the screenshot below, which of the following statements is true?
Request
GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce164646de967c759643d53031 Te: trailers Connection: keep-alive PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 12746 Content-Type: text/html; charset=UTF-8 Connection: keep-alive Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Example Domain</title>
</head>
<body style="background-color:#f0f0f2; margin:0; padding:0; font-family: -apple-system, system-ui, BlinkMacSystemFont, 'Segoe UI', 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;">
<p style="...">...</p>
</body>
</html>
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 5
In the context of a Dependency Confusion Attack, which of the following files is analyzed for determining potential private packages?
In the context of a Dependency Confusion Attack, which of the following files is analyzed for determining potential private packages?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 6
You found the xmrpc.php endpoint while performing a security assessment on a web application. The target application is most likely using which of the following Content Management Systems (CMS)?
You found the xmrpc.php endpoint while performing a security assessment on a web application. The target application is most likely using which of the following Content Management Systems (CMS)?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
