CAP Exam Free Question Set: "The SecOps Group Certified AppSec Practitioner Certification"

Which of the following is NOT a Server-Side attack?

Explanation: (visible to GoShiken members only)
Which is the most effective way of input validation to prevent Cross-Site Scripting attacks?

Explanation: (visible to GoShiken members only)
Observe the HTTP request below and identify the vulnerability attempted.
GET /help.php?file=../../../etc/passwd HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50
Te: trailers
Connection: keep-alive

Explanation: (visible to GoShiken members only)
A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
Which of the following is correct?

Explanation: (visible to GoShiken members only)
Which of the following is NOT an asymmetric key encryption algorithm?

Explanation: (visible to GoShiken members only)
Scan the code below and identify the vulnerability which is the most applicable for this scenario.
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="xss">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.1/css/bootstrap.min.css" integrity="sha384-WskhaSGFgHYWDcbwN70/dfYBj47jz9qbsMId/iRN3ewGhXQFZCSftd1LZCfmhktB" crossorigin="anonymous">
<link rel="shortcut icon" href="/favicon.ico">
<link charset="utf-8" media="all" type="text/css" href="/static/css/main.css" rel="stylesheet">
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>

Explanation: (visible to GoShiken members only)