Online Access Free CAP Practice Test

Based on the below-mentioned code snippet, the 'filename' variable is vulnerable to which of the following attacks?
import os
filename = input("Enter the file name:")
path = "/var/www/html/files/" + filename
content = ""
with open(path, 'r') as file:
content = file.read()
print("File content:\n", content)

• A.None of the above
• B.Remote Code Execution
• C.Path Traversal
• D.Both A and B

In the context of a Dependency Confusion Attack, which of the following files is analyzed for determining potential private packages?

• A.None of the above
• B.requirements.txt
• C.package.json
• D.Both A and B

Based on the screenshot below, which of the following statements is true?
Request
GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce164646de967c759643d53031 Te: trailers Connection: keep-alive PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 12746 Content-Type: text/html; charset=UTF-8 Connection: keep-alive Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Example Domain</title>
</head>
<body style="background-color:#f0f0f2; margin:0; padding:0; font-family: -apple-system, system-ui, BlinkMacSystemFont, 'Segoe UI', 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;">
<p style="...">...</p>
</body>
</html>

• A.All of the above
• B.The application is vulnerable to Cross-Site Scripting attacks
• C.The application uses an insecure channel (non-TLS)
• D.The application uses an insecure HTTP method (GET) to send sensitive information

A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
In the scenario described above, which of the following is correct?

• A.There is an urgency to renew the certificate as the users of the website may get conditioned to ignore TLS warnings and therefore ignore a legitimate warning which could be a real Man-in-the-Middle attack
• B.There is no urgency to renew the certificate as the communication is still over TLS

Which of the following is considered as a safe password?

• A.Sq0Jh819%ak
• B.abcdef
• C.1234567890
• D.Monday@123