Secops-CAP

Practice Secops-CAP Exam

Is it difficult for you to decide to purchase The SecOps Group Secops-CAP exam dumps questions? CertQueen provides FREE online Certified AppSec Practitioner Exam Secops-CAP exam questions below, so you can test your Secops-CAP skills first and then decide whether to buy the full version. We promise you the following advantages after purchasing our Secops-CAP exam dumps questions.
1. Free update for ONE year from the date of your purchase.
2. Full refund of the payment fee if you fail the Secops-CAP exam with the dumps.


Latest Secops-CAP Exam Dumps Questions

The dumps for the Secops-CAP exam were last updated on Jun 16, 2025.

Question#1

Which of the following is correct?

A. The browser contains the private key of all known Certifying Authorities (CA) and based on that, it differentiates between a valid and an invalid TLS Certificate
B. The browser contains the public key of all known Certifying Authorities (CA) and based on that it is able to differentiate between a valid and an invalid TLS Certificate
C. The browser contains both the public and private key of all known Certifying Authorities (CA) and based on that it is able to differentiate between a valid and an invalid TLS Certificate
D. The browser does not have any mechanism to validate the TLS Certificate

Explanation:
TLS (Transport Layer Security) certificates are validated by browsers to ensure secure communication. Browsers maintain a trusted store of public keys from known Certifying Authorities (CAs), which are used to verify the digital signature of a TLS certificate presented by a server. This process involves checking the certificate’s signature against the CA’s public key to confirm its authenticity and validity. If the signature matches and other criteria (e.g., expiration, revocation) are met, the certificate is deemed valid.
Option A ("The browser contains the private key..."): Incorrect, as browsers do not contain private keys of CAs; private keys are kept secret by the CAs themselves.
Option B ("The browser contains the public key..."): Correct, as browsers use CA public keys to validate certificates, enabling differentiation between valid and invalid TLS certificates.
Option C ("The browser contains both the public and private key..."): Incorrect, as browsers only store public keys, not private keys, for security reasons.
Option D ("The browser does not have any mechanism..."): Incorrect, as browsers have robust mechanisms (via CA public keys) to validate TLS certificates.
The correct answer is B, aligning with the CAP syllabus under "Secure Communication" and "TLS Configuration."
Reference: SecOps Group CAP Documents - "TLS/SSL Security," "Certificate Validation," and "OWASP Cryptographic Practices" sections.

Question#2

In the context of NoSQL injection, which of the following is correct?
Statement A: NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren’t using the traditional SQL syntax.
Statement B: NoSQL database calls are written in the application’s programming language, a custom API call, or formatted according to a common convention (such as XML, JSON, LINQ, etc).

A. A is true, and B is false
B. A is false, and B is true
C. Both A and B are false
D. Both A and B are true

Explanation:
Let’s evaluate the two statements about NoSQL injection:
Statement A: NoSQL databases (e.g., MongoDB, Cassandra) are designed for scalability and flexibility, often sacrificing strict consistency for performance (e.g., eventual consistency in distributed systems). Unlike traditional SQL databases, they do not enforce rigid relational constraints, which simplifies scaling but does not eliminate the risk of injection attacks. Even without SQL syntax, NoSQL databases are vulnerable to injection if user input is not sanitized (e.g., in MongoDB, injecting $where or $ne operators). This statement is true.
Statement B: NoSQL database queries are typically written in the application’s programming language (e.g., JavaScript for MongoDB), using a custom API (e.g., MongoDB’s query API), or formatted in standards like JSON, XML, or LINQ. For example, a MongoDB query might look like db.collection.find({ "key": input }), where input is a JSON-like structure. This statement accurately describes how NoSQL queries are constructed and is true.
Option A ("A is true, and B is false"): Incorrect, as both statements are true.
Option B ("A is false, and B is true"): Incorrect, as both statements are true.
Option C ("Both A and B are false"): Incorrect, as both statements are true.
Option D ("Both A and B are true"): Correct, as both statements accurately describe NoSQL databases and their vulnerability to injection.
The correct answer is D, aligning with the CAP syllabus under "NoSQL Injection" and "Database Security."
Reference: SecOps Group CAP Documents - "NoSQL Injection Vulnerabilities," "Database Query Security," and "OWASP Top 10 (A03:2021 - Injection)" sections.
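The explanation above notes that NoSQL queries are built from the application's own data structures and that operators such as $ne become dangerous when they can be supplied by the user. The following added example (not part of the original question set or of any SecOps Group material) shows the defensive point in Python: a toy in-memory matcher stands in for a document store, and the constructed USERS collection, the login functions and the as_scalar_string check are all assumptions made for illustration. The vulnerable version passes parsed JSON values straight into the filter, so a value that is an operator object instead of a string changes the query's meaning; the hardened version enforces the expected scalar type before building the filter, which is the mitigation the page alludes to.

```python
import json
from typing import Any, Dict, List

# Constructed sample collection for the demo; a real system would store
# password hashes, never plaintext passwords.
USERS = [
    {"username": "alice", "password": "correct-horse", "role": "user"},
    {"username": "bob", "password": "battery-staple", "role": "admin"},
]


def matches(doc: Dict[str, Any], criteria: Dict[str, Any]) -> bool:
    """Minimal stand-in for a document store's filter evaluation.

    Supports plain equality and the $ne operator only; that is enough to
    show why operator objects must never originate from untrusted input.
    """
    for field, cond in criteria.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            # An operator object: {"$ne": operand}
            for op, operand in cond.items():
                if op == "$ne":
                    if value == operand:
                        return False
                else:
                    raise ValueError(f"unsupported operator {op}")
        elif value != cond:
            return False
    return True


def find(criteria: Dict[str, Any]) -> List[Dict[str, Any]]:
    return [doc for doc in USERS if matches(doc, criteria)]


def login_vulnerable(body: str) -> List[str]:
    """Builds the filter from the parsed JSON body without type checks.

    If "password" arrives as {"$ne": ""} the filter no longer compares a
    literal, so every user with a non-empty password matches.
    """
    data = json.loads(body)
    hits = find({"username": data["username"], "password": data["password"]})
    return [hit["username"] for hit in hits]


def as_scalar_string(value: Any, field: str) -> str:
    """Reject anything that is not a plain string (dicts, lists, numbers, bools)."""
    if not isinstance(value, str):
        raise TypeError(f"{field} must be a string, got {type(value).__name__}")
    return value


def login_hardened(body: str) -> List[str]:
    """Same lookup, but each filter value is validated as a scalar string first."""
    data = json.loads(body)
    username = as_scalar_string(data.get("username"), "username")
    password = as_scalar_string(data.get("password"), "password")
    hits = find({"username": username, "password": password})
    return [hit["username"] for hit in hits]


if __name__ == "__main__":
    print(login_vulnerable('{"username": "alice", "password": "correct-horse"}'))
    try:
        login_hardened('{"username": "bob", "password": {"$ne": ""}}')
    except TypeError as exc:
        print("rejected:", exc)
```

The same type check belongs in front of any driver call that accepts a query document; schema validation libraries do the equivalent at the request boundary, and the point generalises to any field the client controls, not only credentials.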

Question#3

Which of the following Google Dorks can be used for finding directory listing on victim-app.com?

A. intitle:"Index of" site:victim-app.com
B. intext:"Index of" site:victim-app.com
C. Both A and B
D. None of the above

Explanation:
Google Dorks are advanced search operators used to find specific information or vulnerabilities on the web. Directory listing vulnerabilities occur when a web server exposes the contents of a directory (e.g., file names, paths) due to misconfiguration. The operators intitle: and intext: are used to search for specific terms in the title or body of web pages, respectively, combined with site: to limit the search to a specific domain.
Option A ("intitle:'Index of' site:victim-app.com"): A valid dork, as intitle:"Index of" targets pages with "Index of" in the title, a common indicator of directory listings, and site:victim-app.com restricts the search to that domain.
Option B ("intext:'Index of' site:victim-app.com"): Also valid, as intext:"Index of" searches for "Index of" within the page content, another reliable indicator of directory listings, combined with the same domain restriction.
Option C ("Both A and B"): Correct, as both intitle: and intext: can effectively identify directory listings, making this the most comprehensive answer.
Option D ("None of the above"): Incorrect, as both A and B are valid Google Dorks for this purpose.
The correct answer is C, aligning with the CAP syllabus under "Reconnaissance Techniques" and "Google Dorking."
Reference: SecOps Group CAP Documents - "Information Gathering," "Google Hacking," and "OWASP Testing Guide" sections.

Question#4

Which of the following attributes is NOT used to secure the cookie?

A. HttpOnly
B. Secure
C. Restrict
D. Same-Site

Explanation:
Cookies can have security attributes to protect them against various attacks. Let’s evaluate each option to determine which attribute is not used to secure cookies:
Option A ("HttpOnly"): The HttpOnly attribute prevents cookies from being accessed by JavaScript (e.g., via document.cookie). This mitigates XSS attacks that attempt to steal session cookies, making it a valid security attribute.
Option B ("Secure"): The Secure attribute ensures that the cookie is only sent over HTTPS connections, preventing it from being transmitted over unencrypted HTTP. This protects against interception (e.g., in a man-in-the-middle attack), making it a valid security attribute.
Option C ("Restrict"): There is no standard cookie attribute called Restrict. Cookie security attributes are well-defined (e.g., HttpOnly, Secure, SameSite), and Restrict does not exist in this context. This is not a valid attribute for securing cookies.
Option D ("Same-Site"): The SameSite attribute (e.g., SameSite=Strict or SameSite=Lax) controls whether a cookie is sent with cross-site requests. It helps mitigate CSRF attacks by ensuring the cookie is only sent with same-site requests (or limited cross-site scenarios), making it a valid security attribute.
The correct answer is C, as Restrict is not a recognized cookie attribute, aligning with the CAP syllabus under "Cookie Security" and "Session Management."
Reference: SecOps Group CAP Documents - "Cookie Security Attributes," "Session Security," and "OWASP Session Management Cheat Sheet" sections.
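The explanation above lists the attributes that actually harden a cookie (HttpOnly, Secure, SameSite) and points out that "Restrict" is not one of them. The added Python example below (written for this page, not taken from the SecOps Group material) turns that into a check a reviewer can run over Set-Cookie headers: a small parser splits the header into the cookie pair and its attributes, an audit function reports the missing protections and flags any attribute name a browser would not recognise, and a builder emits a session cookie with all three protections set. The header strings, the function names and the KNOWN_ATTRIBUTES set (RFC 6265 attributes plus SameSite) are assumptions made for the example.

```python
from typing import Dict, List, Tuple

# Attribute names defined by RFC 6265 plus SameSite. Anything else, such as
# "Restrict", is silently ignored by browsers and therefore protects nothing.
KNOWN_ATTRIBUTES = {"expires", "max-age", "domain", "path", "secure", "httponly", "samesite"}


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie header value into (name, value, attributes).

    Attribute names are lower-cased so lookups are case-insensitive, as they
    are in browsers; flag attributes (Secure, HttpOnly) map to "".
    """
    parts = [part.strip() for part in header.split(";")]
    if "=" not in parts[0]:
        raise ValueError("cookie pair must be of the form name=value")
    name, value = parts[0].split("=", 1)
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = ""
    return name.strip(), value, attrs


def audit_cookie(header: str) -> List[str]:
    """Return human-readable findings for a session cookie header; [] means clean."""
    name, _, attrs = parse_set_cookie(header)
    findings: List[str] = []
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable via document.cookie)")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (may be sent over plaintext HTTP)")
    same_site = attrs.get("samesite", "").lower()
    if same_site not in ("strict", "lax"):
        # SameSite=None is legitimate for deliberately cross-site cookies, but
        # a session cookie should be Strict or Lax to limit CSRF exposure.
        findings.append(f"{name}: SameSite should be Strict or Lax (got {same_site or 'absent'})")
    for attr in attrs:
        if attr not in KNOWN_ATTRIBUTES:
            findings.append(f"{name}: unknown attribute '{attr}' is ignored by browsers")
    return findings


def build_session_cookie(name: str, value: str, same_site: str = "Strict", max_age: int = 3600) -> str:
    """Emit a Set-Cookie value with the three protective attributes set."""
    return f"{name}={value}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite={same_site}"


if __name__ == "__main__":
    # Constructed headers for the demo
    for header in ("session=abc123", "session=abc123; Restrict", build_session_cookie("session", "abc123")):
        print(header, "->", audit_cookie(header) or "OK")
```

Running the audit over the headers an application actually emits (for example from a proxy capture of a login response) is a cheap way to catch the mistake behind option C: an attribute that looks protective but that no browser honours.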

Question#5

Which of the following is NOT a Server-Side attack?

A. OS Code Injection
B. Cross-Site Request Forgery
C. SQL Injection
D. Directory Traversal Attack

Explanation:
Server-side attacks target vulnerabilities on the server, often involving code execution, data manipulation, or unauthorized access to server resources.
Let’s evaluate each option:
Option A ("OS Code Injection"): This is a server-side attack where an attacker injects operating system commands (e.g., via system() calls in PHP) to execute arbitrary code on the server, such as rm -rf /.
Option B ("Cross-Site Request Forgery"): CSRF is a client-side attack where an attacker tricks a user’s browser into making an unintended request to a server where the user is authenticated (e.g., submitting a form to transfer funds). The attack exploits the client’s trust in the user’s session, not a server-side vulnerability. Thus, it is not a server-side attack.
Option C ("SQL Injection"): This is a server-side attack where an attacker injects malicious SQL code into a query (e.g., ' OR '1'='1) to manipulate the database, potentially extracting data or modifying records.
Option D ("Directory Traversal Attack"): This is a server-side attack where an attacker manipulates file paths (e.g., ../../etc/passwd) to access unauthorized files on the server outside the intended directory.
The correct answer is B, aligning with the CAP syllabus under "Client-Side vs. Server-Side Attacks" and "CSRF Prevention."
Reference: SecOps Group CAP Documents - "CSRF Vulnerabilities," "Server-Side Attacks," and "OWASP Top 10 (A08:2021 - Software and Data Integrity Failures)" sections.
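Option D above describes directory traversal as manipulating a file path (e.g., ../../etc/passwd) so the server reads outside its intended directory. The following added Python example (not part of the original question set) shows the server-side control that defeats it: the requested path is joined to the document root, canonicalised with os.path.realpath so that ".." segments and symlinks are resolved, and then proven to lie inside the root with os.path.commonpath rather than a plain string-prefix check (which would wrongly accept a sibling directory such as /srv/app/static-other). The root directory, the function names and the sample requests are assumptions made for the example.

```python
import os


def resolve_under_root(root: str, requested: str) -> str:
    """Return the canonical absolute path for `requested` if it stays inside `root`.

    Raises PermissionError when the resolved path escapes the root. The check
    is done on canonical paths, so "..", "./", repeated slashes and symlinks
    cannot be used to step outside.
    """
    if "\0" in requested:
        # A NUL byte would truncate the path in C-level file APIs.
        raise PermissionError("NUL byte in requested path")
    root_real = os.path.realpath(root)
    # Leading slashes are stripped so an absolute request is still treated as
    # relative to the document root rather than replacing it in os.path.join.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/\\")))
    # commonpath works on path components, so /srv/app/static-other does not
    # pass as a child of /srv/app/static the way a startswith() check would.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"path escapes document root: {requested!r}")
    return candidate


def is_safe_request(root: str, requested: str) -> bool:
    """Boolean form of the same check, convenient for request handlers."""
    try:
        resolve_under_root(root, requested)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed root and requests for the demo; the directory need not exist.
    DOC_ROOT = "/srv/app/static"
    for req in ("css/site.css", "../../etc/passwd", "/etc/passwd", "img/../../secret.txt"):
        print(f"{req!r:28} -> {'allowed' if is_safe_request(DOC_ROOT, req) else 'blocked'}")
```

Two points a practitioner should keep in mind: decode the URL path exactly once before this check (frameworks usually do that for you), and open the returned canonical path rather than the original request string, so that the file actually read is the one that was checked.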

Exam Code: Secops-CAP | Q&A: 60 Q&As | Updated: Jun 16, 2025