The SecOps Group Certified AppSec Practitioner - CAP 模擬練習
You found the xmrpc.php endpoint while performing a security assessment on a web application. The target application is most likely using which of the following Content Management Systems (CMS)?
正解: B
解説: (PassTest メンバーにのみ表示されます)
Which of the following Google Dorks can be used for finding directory listing on victim-app.com?
正解: D
解説: (PassTest メンバーにのみ表示されます)
A robots.txt file tells the search engine crawlers about the URLs which the crawler can access on your site.
Which of the following is true about robots.txt?
Which of the following is true about robots.txt?
正解: B
解説: (PassTest メンバーにのみ表示されます)
Which of the following directives in a Content-Security-Policy HTTP response header, can be used to prevent a Clickjacking attack?
正解: A
解説: (PassTest メンバーにのみ表示されます)
Null Byte Injection is an active exploitation technique used to bypass sanity-checking filters in web applications by adding a URL-encoded null byte character to the user-supplied data. Which of the following is a URL-encoded representation of a null byte?
正解: C
解説: (PassTest メンバーにのみ表示されます)
Your application is hosting JavaScript from a third-party website as shown in the snippet below.
<script src="https://[//cdn.thirdparty-example.com/](example.js)" integrity="sha384-Fmb0CYeA6gM2uLuyvqs7x75u0mktDh2nKLomp3PHkJ0b5vJF2qF6Gbrc/6dK" crossorigin="anonymous"></script> Which of the following is true regarding the code snippet?
<script src="https://[//cdn.thirdparty-example.com/](example.js)" integrity="sha384-Fmb0CYeA6gM2uLuyvqs7x75u0mktDh2nKLomp3PHkJ0b5vJF2qF6Gbrc/6dK" crossorigin="anonymous"></script> Which of the following is true regarding the code snippet?
正解: B
解説: (PassTest メンバーにのみ表示されます)