100% Free The SecOps Group Certified-AppSec-Practitioner Practice Test Questions

Question 1

Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?

A : Secure

B : HttpOnly

C : No_XSS

D : None of the above

Answer: A

Question 2

Based on the screenshot below, which of the following statements is true?RequestGET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Cookie: JSESSIONID=7576572ce164646de967c759643d53031Te: trailersConnection: keep-alivePrettyRaw | Hex | php | curl | ln | PrettyHTTP/1.1 200 OKDate: Fri, 09 Dec 2022 11:42:27 GMTServer: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25X-Powered-By: PHP/8.0.25Content-Length: 12746Content-Type: text/html; charset=UTF-8Connection: keep-aliveSet-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly

A : The application uses an insecure channel (non-TLS)

B : The application uses an insecure HTTP method (GET) to send sensitive information

C : The application is vulnerable to Cross-Site Scripting attacks

D : All of the above

Answer: B

Question 3

In the context of the Race Condition vulnerability, which of the following statements is true?

A : A situation that occurs when two threads access the same resource at the same time.

B : A situation that occurs when two threads access different resources at the same time.

C : A situation that occurs when a single thread unpredictably accesses two resources.

D : A situation that occurs when a single thread predictably accesses two resources.

Answer: A

Question 4

Based on the screenshot below, which of the following statements is true?RequestGET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Cookie: JSESSIONID=7576572ce164646de967c759643d53031Te: trailersConnection: keep-alivePrettyRaw | Hex | php | curl | ln | PrettyHTTP/1.1 200 OKDate: Fri, 09 Dec 2022 11:42:27 GMTServer: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25X-Powered-By: PHP/8.0.25Content-Length: 12746Content-Type: text/html; charset=UTF-8Connection: keep-aliveSet-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly

A : The application uses an insecure channel (non-TLS)

B : The application uses an insecure HTTP method (GET) to send sensitive information

C : The application is vulnerable to Cross-Site Scripting attacks

D : All of the above

Answer: B

Question 5

Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?http://www.example.com/dir/page2.htmlhttp://www.example.com/dir/other.htmlhttp://www.example.com:81/dir/other.htmlhttp://www.example.com/dir/other.htmlhttp://en.example.com/dir/other.html

A : 1 Only

B : 1 and 2

C : 1, 3 and 4

D : None of the above

Answer: A

Free Practice The SecOps Group Certified-AppSec-Practitioner Exam Questions 2025