Question 1

Scan the code below and identify the vulnerability which is the most applicable for this scenario.

Options :

A : SQL Injection

B : Type Juggling

C : Component with a Known Vulnerability

D : Server-Side Request Forgery

Answer: C

Question 2

Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?

Options :

A : Secure

B : HttpOnly

C : No_XSS

D : None of the above

Answer: A

Question 3

Based on the screenshot below, which of the following statements is true?

Request

GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1

Host: example.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-GB,en;q=0.5

Accept-Encoding: gzip, deflate

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Cookie: JSESSIONID=7576572ce164646de967c759643d53031

Te: trailers

Connection: keep-alive

PrettyRaw | Hex | php | curl | ln | Pretty

HTTP/1.1 200 OK

Date: Fri, 09 Dec 2022 11:42:27 GMT

Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25

X-Powered-By: PHP/8.0.25

Content-Length: 12746

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly

Options :

A : The application uses an insecure channel (non-TLS)

B : The application uses an insecure HTTP method (GET) to send sensitive information

C : The application is vulnerable to Cross-Site Scripting attacks

D : All of the above

Answer: B

Question 4

Based on the below request/response, which of the following statements is true?

Send

GET

/dashboard.php?purl=http://attacker.com HTTP/1.1

Host: example.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-GB,en;q=0.5

Accept-Encoding: gzip, deflate

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50

Te: trailers

Connection: keep-alive

PrettyRaw | Hex | php | curl | ln | Pretty

HTTP/1.1 302 Found 2022-12-03 17:38:18 GMT

Date: Sat, 03 Dec 2022 17:38:18 GMT

Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25

X-Powered-By: PHP/8.0.25

Content-Length: 0

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Location:

http://attacker.com

Set-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly

Options :

A : Application is likely to be vulnerable to Open Redirection vulnerability

B : Application is vulnerable to Cross-Site Request Forgery vulnerability

C : Application uses an insecure protocol

D : All of the above

Answer: A

Question 5

In the context of the Race Condition vulnerability, which of the following statements is true?

Options :

A : A situation that occurs when two threads access the same resource at the same time.

B : A situation that occurs when two threads access different resources at the same time.

C : A situation that occurs when a single thread unpredictably accesses two resources.

D : A situation that occurs when a single thread predictably accesses two resources.

Answer: A

Smartly Prepare Exam with Free Online Certified-AppSec-Practitioner Practice Test

Buying Options: