Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AppSec Practitioner CAP Exam Questions and Answers PDF

Page: 3 / 5
Total 60 questions

Certified AppSec Practitioner Exam Questions and Answers

Question 9

Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?

Options:

A.

1 Only

B.

1 and 2

C.

1, 3 and 4

D.

None of the above

Question 10

In the context of the Race Condition vulnerability, which of the following statements is true?

Options:

A.

A situation that occurs when two threads access the same resource at the same time.

B.

A situation that occurs when two threads access different resources at the same time.

C.

A situation that occurs when a single thread unpredictably accesses two resources.

D.

A situation that occurs when a single thread predictably accesses two resources.

Question 11

Which HTTP header is used by the CORS (Cross-origin resource sharing) standard to control access to resources on a server?

Options:

A.

Access-Control-Request-Method

B.

Access-Control-Request-Headers

C.

Access-Control-Allow-Headers

D.

None of the above

Question 12

An application’s forget password functionality is described below:

The user enters their email address and receives a message on the web page:

“If the email exists, we will email you a link to reset the password”

The user also receives an email saying:

“Please use the link below to create a new password:”

(Note that the developer has included a one-time random token with the ‘userId’ parameter in the link). So, the link seems like:

&token=70e7803e-bf53-45e1-8a3f-fb15da7de3a0

Will this mechanism prevent an attacker from resetting arbitrary users’ passwords?

Options:

A.

True

B.

False

Page: 3 / 5
Total 60 questions