Certified AppSec Pentester (CAPen) CAPen Exam Questions
Preparing for the CAPen exam is simple with Certs Vault. We offer easy-to-understand study materials that help you learn the most important exam topics. You can study using our PDF questions, practice online with a real exam-style test, or use the desktop practice software. Choose the study method that works best for you and prepare at your own pace.
At Certs Vault, we keep our CAPen practice questions up to date. Whenever the exam syllabus or objectives change, we update our study materials so you always learn the latest topics. This helps you save time, avoid outdated content, and feel more confident when you take your exam.
Question #1 (Topic: demo questions)
Identify email addresses belonging to a company using OSINT techniques.
Correct Answer: A
Explanation:
1. Use Hunter.io or theHarvester tool:
1. Use Hunter.io or theHarvester tool:
theHarvester -d target.com -b google
2. Search Google with: @target.com
3. Use LinkedIn or GitHub advanced search: site:github.com "@target.com"
4. Collect emails for phishing simulation (if permitted).
5. Verify email validity using tools like EmailHippo or Debounce.io.
Discover open directories with potentially sensitive files using Google dorks.
Question #2 (Topic: demo questions)
Discover open directories with potentially sensitive files using Google dorks.
Correct Answer: A
Explanation:
Use: intitle:"index of" "parent directory" +passwd
Use: intitle:"index of" "parent directory" +passwd
This searches for open directories with file listings containing "passwd".
Replace passwd with other keywords like .sql, .bak, .env, etc.
Confirm findings are in non-sensitive environments or demos.
Access is legal only if no authentication is bypassed or required
Question #3 (Topic: demo questions)
Find public documents on a government site that may contain sensitive metadata using Google dorks.
Correct Answer: A
Explanation:
Usethedork: site:gov filetype:pdf
Usethedork: site:gov filetype:pdf
Tofindspecific content, extend it: site:gov filetype:pdf confidential
Downloada few sample PDFs (legally and ethically).
Useexiftool filename.pdf or pdfinfo filename.pdf to extract metadata.
Checkforusernames, software versions, or timestamps that leak OSINT data.
Question #4 (Topic: demo questions)
Use a Google dork to identify login pages of vulnerable sites running PHP.
Correct Answer: A
Explanation:
OpenGoogle and use the dork: inurl:login.php intitle:"Login"