CAP 무료 덤프문제 온라인 액세스

Based on the screenshot above, which of the following is the most true?
Screenshot
![Login Form]
coder@viewer
User does not exist
[Password field]
Forget password?
[Login button]
Not yet member? Sign now

• A.The application does not enforce a strong password policy
• B.The application is vulnerable to username enumeration
• C.None of the above
• D.The application is vulnerable to brute-force attacks

A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
Which of the following is correct?

• A.There is no urgency to renew the certificate as the communication is still over TLS
• B.There is an urgency to renew the certificate as the users of the website may get conditioned to ignore TLS warnings and therefore ignore a legitimate warning which could be a real Man-in-the-Middle attack

Which of the following is considered as a safe password?

• A.abcdef
• B.1234567890
• C.Sq0Jh819%ak
• D.Monday@123

An application's forget password functionality is described below:
The user enters their email address and receives a message on the web page:
"If the email exists, we will email you a link to reset the password"
The user also receives an email saying:
"Please use the link below to create a new password:"
http://example.com/reset_password?userId=5298
Which of the following is true?

• A.The application will allow the user to reset an arbitrary user's password
• B.The application is vulnerable to username enumeration
• C.The reset link uses an insecure channel
• D.Both A and C

Based on the below request/response, which of the following statements is true?
Send
GET
/dashboard.php?purl=http://attacker.com HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50 Te: trailers Connection: keep-alive PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 302 Found 2022-12-03 17:38:18 GMT Date: Sat, 03 Dec 2022 17:38:18 GMT Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Connection: keep-alive Location:
http://attacker.com
Set-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly

• A.Application is vulnerable to Cross-Site Request Forgery vulnerability
• B.Application uses an insecure protocol
• C.All of the above
• D.Application is likely to be vulnerable to Open Redirection vulnerability