
AppSec Practitioner CAP Passing Score

Page: 2 / 5
Total 60 questions

Certified AppSec Practitioner Exam Questions and Answers

Question 5

Based on the HTTP request below, which of the following statements is correct?

POST /changepassword HTTP/2
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50
Content-Length: 95

new_password=usher!@22&confirm_password=usher!@22

Options:

A. The change password feature does not validate the user
B. The change password feature uses basic authorization
C. The change password feature is vulnerable to Cross-Site Request Forgery attack
D. All of the above

Question 6

Which of the following is a common attack in the context of SAML security?

Options:

A. XML Signature Wrapping Attack
B. XML External Entity Injection
C. Assertion Replay Attack
D. All of the above

Question 7

GraphQL is an open-source data query and manipulation language for APIs, and a query runtime engine. In this context, what is GraphQL Introspection?

Options:

A. A technique for testing the compatibility of the GraphQL API with other systems
B. A technique for testing the performance of the GraphQL API
C. A technique for discovering the structure of the GraphQL API
D. A technique for testing the security of the GraphQL API

Question 8

Null Byte Injection is an active exploitation technique used to bypass sanity-checking filters in web applications by adding a URL-encoded null byte character to the user-supplied data. Which of the following is a URL-encoded representation of a null byte?

Options:

A. %01
B. %10
C. %25
D. %00
