Question 1

In the context of the Race Condition vulnerability, which of the following statements is true?

Options :

A : A situation that occurs when two threads access the same resource at the same time.

B : A situation that occurs when two threads access different resources at the same time.

C : A situation that occurs when a single thread unpredictably accesses two resources.

D : A situation that occurs when a single thread predictably accesses two resources.

Answer: A

Question 2

Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?

http://www.example.com/dir/page2.html

http://www.example.com/dir/other.html

http://www.example.com:81/dir/other.html

http://www.example.com/dir/other.html

http://en.example.com/dir/other.html

Options :

A : 1 Only

B : 1 and 2

C : 1, 3 and 4

D : None of the above

Answer: A

Question 3

Based on the below request/response, which of the following statements is true?

Send

GET

/dashboard.php?purl=http://attacker.com HTTP/1.1

Host: example.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-GB,en;q=0.5

Accept-Encoding: gzip, deflate

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50

Te: trailers

Connection: keep-alive

PrettyRaw | Hex | php | curl | ln | Pretty

HTTP/1.1 302 Found 2022-12-03 17:38:18 GMT

Date: Sat, 03 Dec 2022 17:38:18 GMT

Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25

X-Powered-By: PHP/8.0.25

Content-Length: 0

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Location:

http://attacker.com

Set-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly

Options :

A : Application is likely to be vulnerable to Open Redirection vulnerability

B : Application is vulnerable to Cross-Site Request Forgery vulnerability

C : Application uses an insecure protocol

D : All of the above

Answer: A

Question 4

Based on the screenshot below, which of the following statements is true?

Request

GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1

Host: example.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: en-GB,en;q=0.5

Accept-Encoding: gzip, deflate

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Cookie: JSESSIONID=7576572ce164646de967c759643d53031

Te: trailers

Connection: keep-alive

PrettyRaw | Hex | php | curl | ln | Pretty

HTTP/1.1 200 OK

Date: Fri, 09 Dec 2022 11:42:27 GMT

Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25

X-Powered-By: PHP/8.0.25

Content-Length: 12746

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly

Options :

A : The application uses an insecure channel (non-TLS)

B : The application uses an insecure HTTP method (GET) to send sensitive information

C : The application is vulnerable to Cross-Site Scripting attacks

D : All of the above

Answer: B

Question 5

Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?

Options :

A : Secure

B : HttpOnly

C : No_XSS

D : None of the above

Answer: A

Higher Test Marks with Free Online Certified-AppSec-Practitioner Exam Practice

Buying Options: