Download the C-APIPen Dumps (V8.02) On Your Device and Start Learning: Our C-APIPen Free Dumps (Part 3, Q81-Q100) Are Online for Checking

The C-APIPen dumps from DumpsBase are user-friendly and accessible across devices, available both as a PDF and as practice exam software. You can download our PDF to a smartphone, tablet, or laptop, or print it for on-the-go study, making it ideal for flexible exam preparation. Additionally, you can practice the dumps in a real exam mode with our software. No matter which format you choose from DumpsBase, we are confident in our C-APIPen dumps (V8.02), assuring your success on the first attempt. You may have read our free dumps online:

Trust us, DumpsBase is your best choice. Make use of the C-APIPen exam dumps (V8.02) to accomplish your Certified API Pentester (C-APIPen) test preparation objectives. Today, we will continue to share more free demos online.

Our C-APIPen free dumps (Part 3, Q81-Q100) of V8.02 are below to help you check more:

1. You're allowed to create rules via API: {"rule": "amount > 100"}.

How would you test this input for code injection in a JavaScript environment?

2. An API accepts parameters via multipart/form-data, such as image metadata.

How can you test this for injection?

3. An endpoint allows file exports with a format=pdf or format=csv parameter.

How would you test this for command injection?

4. The application uses a Redis-backed job queue and allows custom job submission via API.

How do you test this for command/code injection?

5. You identify that an internal API concatenates user input into shell commands.

How do you safely test this for command injection without causing disruption?

6. A login form uses HTTP Basic Auth.

How can you test it for SQL Injection if you cannot directly modify the query?

7. You’re testing a server-side rendered analytics dashboard that accepts a filter input.

How would you confirm template or code injection?

8. You encounter an API for generating dynamic PDFs using LaTeX.

How would you exploit this for command injection?

9. A request uses Referer or User-Agent for logging.

How would you check these headers for command injection vulnerabilities?

10. You find a custom shell wrapper API where the endpoint executes a CLI tool with user input.

How can you safely and effectively test this for injection?

11. You identify a login endpoint at /api/login accepting JSON credentials. Describe how to test it for a basic brute-force attack.

12. A login API returns “Invalid username or password” on failed login.

How would you detect user enumeration via brute force?

13. How do you test for password spraying against an API that supports HTTP Basic Authentication?

14. An API endpoint is rate-limited but doesn't blacklist IPs.

How would you bypass brute-force protection using distributed spraying?

15. You find a GraphQL mutation login(email, password) that returns null on failure.

How do you test it for brute force vulnerability?

16. The password reset form allows unauthenticated users to request a reset token by entering their email.

How do you test it for user enumeration?

17. You observe that reset tokens are sent as links with predictable values.

How would you test the reset token for predictability?

18. How do you test if reset tokens are valid beyond their expected expiration period?

19. You identify that a reset token is stored client-side in a cookie.

How would you test for insecure storage or manipulation?

20. A reset link contains a base64-encoded token. Describe how to assess whether it's reversible or discloses user data.


 
