The SecOps Group Certified AppSec Practitioner - CAP 模擬練習

You found the xmrpc.php endpoint while performing a security assessment on a web application. The target application is most likely using which of the following Content Management Systems (CMS)?

正解: B
解説: (PassTest メンバーにのみ表示されます)
Which of the following Google Dorks can be used for finding directory listing on victim-app.com?

正解: D
解説: (PassTest メンバーにのみ表示されます)
A robots.txt file tells the search engine crawlers about the URLs which the crawler can access on your site.
Which of the following is true about robots.txt?

正解: B
解説: (PassTest メンバーにのみ表示されます)
Which of the following directives in a Content-Security-Policy HTTP response header, can be used to prevent a Clickjacking attack?

正解: A
解説: (PassTest メンバーにのみ表示されます)
Null Byte Injection is an active exploitation technique used to bypass sanity-checking filters in web applications by adding a URL-encoded null byte character to the user-supplied data. Which of the following is a URL-encoded representation of a null byte?

正解: C
解説: (PassTest メンバーにのみ表示されます)
Your application is hosting JavaScript from a third-party website as shown in the snippet below.
<script src="https://[//cdn.thirdparty-example.com/](example.js)" integrity="sha384-Fmb0CYeA6gM2uLuyvqs7x75u0mktDh2nKLomp3PHkJ0b5vJF2qF6Gbrc/6dK" crossorigin="anonymous"></script> Which of the following is true regarding the code snippet?

正解: B
解説: (PassTest メンバーにのみ表示されます)