SecOps Group CAP.pdf
Q: 1
Which of the following HTTP response headers prevents the client from caching the HTTP response in the most secure manner?
Options
Q: 2
In the screenshot below, an attacker is attempting to exploit which vulnerability?
POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 12345
Connection: keep-alive
Content-Disposition: form-data; name="avatar"; filename="malicious.php"
Content-Type: image/jpeg
Options
Q: 3
What is the full form of SAML?
Options
Q: 4
While performing a security audit of a web application, you discovered an exposed docker-compose.yml file. What is the significance of this file and what data can be found in it?
Options
Q: 5
A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry. Which of the following is correct?
Options
Q: 6
Scan the code below and identify the vulnerability which is the most applicable for this scenario.
Options
Q: 7
An application’s forgot password functionality is described below:
The user enters their email address and receives a message on the web page:
“If the email exists, we will email you a link to reset the password”
The user also receives an email saying:
“Please use the link below to create a new password:”
(Note that the developer has included a one-time random token with the ‘userId’ parameter in the link.) So the link looks like:
https://example.com/reset_password?userId=5298&token=70e7803e-bf53-45e1-8a3ffb15da7de3a0
Will this mechanism prevent an attacker from resetting arbitrary users’ passwords?
Options
Q: 8
In the context of the CORS (Cross-Origin Resource Sharing) misconfiguration, which of the following statements is true?
Options
Q: 9
If end-user input is not validated or sanitized, an application created using which of the following languages or frameworks might be prone to an Insecure Deserialization vulnerability?
Options
Q: 10
Which SQL function can be used to read the contents of a file during manual exploitation of the SQL injection vulnerability in a MySQL database?
Options