Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium The SecOps Group CAP Dumps Questions Answers

Page: 1 / 5
Total 60 questions

Certified AppSec Practitioner Exam Questions and Answers

Question 1

After purchasing an item on an e-commerce website, a user can view his order details by visiting the URL:

A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id.

Which of the following is correct?

Options:

A.

The root cause of the problem is a lack of input validation and by implementing a strong whitelisting, the problem can be solved

B.

The root cause of the problem is a weak authorization (Session Management) and by validating a user's privileges, the issue can be fixed

C.

The problem can be solved by implementing a Web Application Firewall (WAF)

D.

None of the above

Buy Now
Question 2

In the context of NoSQL injection, which of the following is correct?

Statement A: NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren’t using the traditional SQL syntax.

Statement B: NoSQL database calls are written in the application’s programming language, a custom API call, or formatted according to a common convention (such as XML, JSON, LINQ, etc).

Options:

A.

A is true, and B is false

B.

A is false, and B is true

C.

Both A and B are false

D.

Both A and B are true

Question 3

Which of the following directives in a Content-Security-Policy HTTP response header, can be used to prevent a Clickjacking attack?

Options:

A.

script-src

B.

object-src

C.

frame-ancestors

D.

base-uri