[&] Why might an arithmetic CAPTCHA be considered weak?
- It uses heavy graphical elements that slow down the page
- It requires complex text-based answers
- It is expensive to implement on all web services
- It can be easily solved by automated scripts using simple calculations -- Correct

[&] How can a web application penetration tester automate the solving of arithmetic CAPTCHAs?
- By utilizing brute force solving services
- By using machine learning to interpret image-based puzzles
- By disabling the CAPTCHA feature in the application settings
- By writing a script that extracts and calculates the CAPTCHA values -- Correct

[&] What is the primary purpose of lockout mechanisms in web applications?
- To ensure all users are connected through a secure VPN
- To enhance the aesthetic appeal of login forms
- To test the scalability of web application servers
- To prevent malicious attempts such as brute force or dictionary attacks -- Correct

[&] Which of the following is an advanced CAPTCHA mechanism that operates in the background without user interaction?
- Arithmetic CAPTCHA
- Text-based CAPTCHA
- ReCAPTCHA v3 -- Correct
- Image-based CAPTCHA

[&] What makes image-based CAPTCHAs more challenging for bots to bypass?
- They contain unique color patterns that bots cannot detect
- They require user interaction to select specific images -- Correct
- They are encrypted using SSL/TLS protocols
- They are integrated with cloud-based AI verification tools

[&] What vulnerability do text-based CAPTCHAs have against certain automated attacks?
- They do not refresh between user sessions
- They provide insufficient error feedback during failed attempts
- They can be solved by bots using Optical Character Recognition (OCR) -- Correct
- They can be bypassed using special browser plugins