Certified AppSec Practitioner CAP Exam, Exams of Technology

This certification exam validates foundational knowledge in application security practices. It covers secure software development lifecycle (SDLC), common vulnerabilities, secure coding principles, threat modeling, and risk mitigation. Candidates are assessed on identifying application risks and supporting secure development practices. The exam emphasizes proactive security integration within software development.

Typology: Exams

2025/2026

Available from 01/22/2026

Certified AppSec Practitioner CAP Exam
Question 1. **What is the primary purpose of the ioXt Alliance’s “Live Label” on IoT
products?**
A) To provide a warranty period for hardware failures
B) To display real-time security status and certification information to consumers
C) To indicate the product’s energy efficiency rating
D) To list the compatible mobile operating systems
Answer: B
Explanation: The Live Label, combined with a QR code, allows consumers to instantly verify that
the device meets ioXt security standards and view its certification status.
---
Question 2. **Which of the following entities is NOT typically a governance participant in the
ioXt Alliance?**
A) Google
B) Amazon
C) T-Mobile
D) Local municipal government
Answer: D
Explanation: Governance is performed by major technology stakeholders such as Google,
Amazon, and T-Mobile; local governments do not sit on the core governance board.
---
Question 3. **In the ioXt certification lifecycle, what distinguishes Self-Certification from Authorized Lab Certification?**
A) Self-Certification requires a third-party audit, while Authorized Lab does not
B) Authorized Lab Certification involves an independent, accredited lab performing the test suite
C) Self-Certification is only for software, not hardware
D) Authorized Lab Certification is optional for all products
Answer: B
Explanation: Self-Certification is performed by the manufacturer, whereas Authorized Lab Certification requires an independent, accredited lab to execute the full test suite.
---
Question 4. **Which requirement is mandatory for a lab to maintain its authorized status in the ioXt program?**
A) Publishing all test results publicly
B) Contributing to ioXt Working Groups and standard development
C) Owning a proprietary hardware testing toolset
D) Offering free testing services to startups
Answer: B
Explanation: Authorized labs must actively contribute to Working Groups, helping evolve the standards, as part of their ongoing obligations.
---
A) Shipping devices with Wi-Fi enabled by default
B) Disabling unused Bluetooth services and closing unused TCP ports before release
C) Providing a public API key in the device documentation
D) Allowing SSH access with the root password “admin”
Answer: B
Explanation: Secure Interfaces require hardening all physical and network interfaces, including disabling unused services and ports.
---
Question 8. **What is a core requirement of the “Proven Cryptography” principle?**
A) Using proprietary encryption algorithms designed in-house
B) Implementing AES-256 for data at rest and TLS 1.2+ for data in transit
C) Relying on obfuscation to protect cryptographic keys
D) Storing encryption keys in plain text on the device filesystem
Answer: B
Explanation: Proven Cryptography mandates the use of industry-standard, peer-reviewed algorithms such as AES and TLS, with proper key management.
---
Question 9. **Which scenario violates the “Security by Default” principle?**
A) A smart thermostat ships with the highest encryption settings enabled
B) A camera device ships with a factory-set password that must be changed on first login
C) An IoT light bulb ships with open Wi-Fi access point mode enabled for easy setup
D) A device disables all unnecessary services before shipment
Answer: C
Explanation: Shipping a device with insecure defaults, such as an open Wi-Fi AP, contradicts the Security by Default principle.
---
Question 10. **Signed Software Updates protect against which of the following attacks?**
A) Physical tampering of the device casing
B) Injection of malicious firmware by an attacker without a valid digital signature
C) Denial-of-service attacks on the update server
D) Credential stuffing on the device’s admin portal
Answer: B
Explanation: Digital signatures ensure that only authentic, untampered firmware can be installed, preventing malicious updates.
---
Question 11. **Automatic Updates are required to be triggered without user interaction. Which mechanism is compliant?**
A) Sending a QR code that the user must scan to download the update
B) Pushing a signed firmware image over a secure channel that the device installs autonomously
C) Requiring the user to press a physical reset button to start the update
D) Providing a downloadable zip file that the user must copy via USB
---
Explanation: The Security Expiration Date specifies the timeframe during which the product receives security updates.
---
Question 14. **Which profile would be applied to a device that streams video to a cloud service and supports remote playback?**
A) Smart Speaker Profile
B) Residential Camera Profile
C) Network Lighting Controller Profile
D) Base Profile
Answer: B
Explanation: Residential Cameras require specific security controls for video streaming and cloud storage.
---
Question 15. **In the ioXt Test Case ID system, a test case ID that begins with “SC-” indicates what?**
A) A test related to Secure Communications
B) A test for Software Compatibility
C) A test for Supply-Chain integrity
D) A test for Sensor Calibration
Answer: A
Explanation: The “SC-” prefix denotes test cases focused on secure communications, such as TLS validation.
---
Question 16. **Mapping ioXt test cases to global standards helps achieve which benefit?**
A) Reducing the number of required test cases by 50%
B) Aligning certification with recognized frameworks like NIST IR 8425 and ETSI EN 303 645
C) Eliminating the need for any manual testing
D) Allowing manufacturers to skip cryptographic validation
Answer: B
Explanation: Mapping ensures that ioXt testing aligns with internationally recognized security standards.
---
Question 17. **A product receives a “Base Score” of 85 out of 100. Which statement is true?**
A) The product failed the certification and must be withdrawn
B) The product met all mandatory requirements and earned a high compliance rating
C) The product is only eligible for self-certification, not authorized lab certification
D) The score indicates the product’s performance benchmark, not security
Answer: B
Explanation: A high Base Score indicates strong compliance with the mandatory and optional security controls.
---
Question 20. **Which authentication flaw is most likely to be detected during MAP testing?**
A) Storing passwords in clear text within the app’s source code
B) Using a hard-coded API key that never expires
C) Implementing OAuth 2.0 without PKCE on public clients
D) Allowing users to change their password without re-authentication
Answer: C
Explanation: OAuth 2.0 without PKCE on mobile apps can lead to token interception, a common MAP finding.
---
Question 21. **During MAP network connectivity testing, which of the following indicates a potential MitM vulnerability?**
A) The app validates server certificates against a pinned public key hash
B) The app accepts any server certificate as long as the hostname matches
C) The app uses TLS 1.3 with forward secrecy
D) The app performs certificate revocation checking via OCSP
Answer: B
Explanation: Accepting any certificate that matches the hostname without proper validation allows attackers to present fraudulent certificates.
---
Question 22. **Which hardware security feature is evaluated under the “Chip-Level Security” domain?**
A) The presence of a removable SD card slot
B) A Trusted Platform Module (TPM) or Secure Element that stores cryptographic keys
C) The device’s color scheme and physical design
D) The use of a low-cost microcontroller without secure boot
Answer: B
Explanation: TPMs or Secure Elements provide a hardware root of trust and are key focus areas for chip-level security.
---
Question 23. **“Glitching” attacks on IoT hardware target which vulnerability?**
A) Weak Wi-Fi encryption
B) Timing inconsistencies that allow bypass of security checks during power or clock disturbances
C) Insecure REST APIs
D) Unpatched operating system kernels
Answer: B
Explanation: Glitching manipulates power or clock signals to cause the device to skip security checks.
---
Question 24. **Side-channel analysis typically attempts to extract secret information by monitoring which of the following?**
A) Network traffic patterns only
---
C) To check the device’s battery life during boot
D) To confirm the device can connect to Wi-Fi during startup
Answer: B
Explanation: Secure boot ensures only authenticated firmware can run, preventing malicious code injection at startup.
---
Question 27. **Which IoT protocol is known for operating on a mesh network and is heavily used in smart lighting?**
A) Zigbee
B) LTE-M
C) MQTT
D) CoAP
Answer: A
Explanation: Zigbee provides low-power mesh networking ideal for lighting control systems.
---
Question 28. **Matter (formerly Project CHIP) primarily aims to achieve which of the following?**
A) Proprietary vendor lock-in for smart home devices
B) Interoperability and a unified security model across major smart-home ecosystems
C) High-throughput streaming of 8K video
D) Replacement of Wi-Fi as the primary connectivity protocol
Answer: B
Explanation: Matter standardizes communication and security across different manufacturers and ecosystems.
---
Question 29. **In the context of BLE security, which feature provides protection against passive eavesdropping?**
A) Just Works pairing
B) LE Secure Connections with Elliptic Curve Diffie-Hellman (ECDH) key exchange
C) Legacy pairing with a fixed PIN “0000”
D) No encryption, only authentication
Answer: B
Explanation: LE Secure Connections uses ECDH to establish encrypted links, protecting data from eavesdropping.
---
Question 30. **Which of the following is a requirement for an IoT device to be considered compliant with the “Signed Software Updates” principle?**
A) The update package must be larger than 1 MB
B) The device must verify a digital signature using a trusted root certificate before applying the update
C) The update can be delivered over unsecured HTTP as long as it is signed
D) The signature can be optional if the update is marked as “critical”

Answer: B
Explanation: After the expiration date, the manufacturer is not obligated to provide security updates, though the device may still function.
---
Question 33. **Which of the following best describes a “Public Vulnerability Reporting Program” requirement for ioXt certification?**
A) The program must be hidden and only accessible to internal engineers
B) It must provide a publicly accessible channel (e.g., email, web portal) for external researchers to submit findings
C) It must require researchers to sign a non-disclosure agreement before reporting
D) It must guarantee a monetary bounty for every report received
Answer: B
Explanation: Transparency and accessibility are key; the program must be publicly visible to encourage external reporting.
---
Question 34. **In the Base Profile, which of the following is a mandatory requirement?**
A) Support for over-the-air (OTA) firmware updates
B) Implementation of a hardware random number generator (HRNG) for cryptographic operations
C) Ability to reset the device to factory defaults via a physical button
D) Inclusion of a voice-assistant integration
Answer: C
Explanation: The Base Profile mandates a secure method for users to restore the device to a known safe state.
---
Question 35. **Which specialized device profile would require privacy-focused controls for voice recordings?**
A) Residential Camera Profile
B) Smart Speaker Profile
C) Network Lighting Controller Profile
D) Base Profile
Answer: B
Explanation: Smart Speakers handle voice data and must provide mechanisms to control recording, storage, and deletion.
---
Question 36. **During MAP testing, a mobile app stores JWT tokens in plain text within SharedPreferences. Which risk does this create?**
A) Increased battery consumption
B) Tokens can be extracted by other apps or malware on the device, leading to session hijacking
C) The app will crash on startup
D) The device’s Wi-Fi will be disabled
---
Explanation: TLS 1.0 is deprecated and considered insecure; Proven Cryptography requires current, vetted algorithms.
---
Question 39. **Which testing method is used to verify that a device’s firmware cannot be downgraded to an older, vulnerable version?**
A) Firmware version comparison test
B) Rollback protection test, ensuring the bootloader validates version numbers and signatures before accepting an update
C) Power cycling test
D) UI usability test
Answer: B
Explanation: Rollback protection ensures that only newer, signed firmware can be installed, preventing downgrade attacks.
---
Question 40. **In the context of the ioXt Alliance, what is a “Working Group”?**
A) A group of end-users who test devices in their homes
B) A collaborative committee of stakeholders that develops and updates security standards and test cases
C) A sales team that promotes certified products
D) A legal team that drafts licensing agreements
Answer: B
Explanation: Working Groups consist of industry experts who shape the technical specifications and testing methodologies.
---
Question 41. **Which of the following is an example of a “fallback” insecure state that must be avoided under the “Security by Default” principle?**
A) Enabling WPA3 as the default Wi-Fi security mode
B) Shipping a device with Bluetooth disabled by default
C) Allowing the device to revert to an open Wi-Fi hotspot if secure connection fails
D) Using a strong, unique device certificate for TLS
Answer: C
Explanation: Reverting to an open hotspot creates an insecure fallback, violating the principle.
---
Question 42. **During a hardware analysis, a lab discovers that the device’s microcontroller does not have a read-out protection (RDP) fuse set. What risk does this present?**
A) The device cannot connect to Wi-Fi
B) An attacker can extract firmware and potentially retrieve secrets via direct memory access
C) The device will overheat during operation
D) The device will fail to power on
Answer: B
Explanation: Without RDP, firmware can be read from the chip, exposing secrets and facilitating reverse engineering.
---