
1. What type of attack manipulates query parameters to exploit web databases?
• A) Cross-Site Scripting
• B) Command Injection
• C) SQL Injection
• D) Clickjacking
Answer: C) SQL Injection
Explanation: SQL Injection places attacker-controlled SQL fragments into input (form fields, URL query parameters, cookies, headers) that the application concatenates into a database query, so the attacker changes the query's logic instead of supplying a plain value. Parameterized queries keep the SQL text fixed and pass the input as data.
2. Which technique exploits web page scripts to execute malicious code in browsers?
• A) SQL Injection
• B) Cross-Site Scripting (XSS)
• C) Remote File Inclusion
• D) DNS Spoofing
Answer: B) Cross-Site Scripting (XSS)
Explanation: XSS lets an attacker inject script into a page that other users load. The script runs in the victim's browser with the site's own origin, so it can read what that page can read, act as the logged-in user, and exfiltrate data.
3. Which HTTP method is most vulnerable to data exfiltration attacks?
• A) POST
• B) PUT
• C) DELETE
• D) GET
Answer: D) GET
Explanation: Data carried in a GET query string is written to web server, proxy and CDN logs, kept in browser history, and leaked to other sites through the Referer header. Sensitive fields belong in a POST body over HTTPS; note that POST only keeps the data out of the URL, it does not encrypt it.
4. Which tool is most commonly used for web application penetration testing?
• A) Nessus
• B) Burp Suite
• C) Wireshark
• D) Hydra
Answer: B) Burp Suite
Explanation: Burp Suite is an intercepting proxy with tooling for mapping, analyzing and attacking web applications (Repeater, Intruder, Scanner). Nessus is a network vulnerability scanner, Wireshark a packet analyzer, and Hydra a credential brute-forcer.
5. Which web attack exploits weak session management?
• A) CSRF
• B) Buffer Overflow
• C) Directory Traversal
• D) XXE Injection
Answer: A) CSRF
Explanation: Cross-Site Request Forgery (CSRF) abuses the browser's habit of attaching session cookies to every request to a site: a page on the attacker's origin submits a state-changing request to the target, and the victim's session authorizes it. Weak session management means the application cannot tell that request from one the user intended; per-session anti-CSRF tokens and the SameSite cookie attribute close the gap.
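The synchronizer-token defence named above, as an added example that is not part of the quiz: the session store, the form dictionaries and the transfer handler are all constructed here (no web framework), and a real application would keep the session server-side keyed by a cookie.

```python
"""Added example (not from the quiz): a synchronizer-token CSRF check.
The session dict, the forms and the transfer handler are constructed
for this example; a real app keeps the session server-side."""
import hmac
import secrets


def issue_csrf_token(session: dict) -> str:
    # One unguessable token per session, kept server-side and embedded
    # in every state-changing form as a hidden field.
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def verify_csrf_token(session: dict, submitted) -> bool:
    # Constant-time comparison so the check leaks no timing information;
    # a missing session token or a non-string submission always fails.
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: dict, form: dict) -> str:
    # A state-changing endpoint: the session cookie proves who the browser
    # is logged in as, not that the user meant to send this form.
    if not verify_csrf_token(session, form.get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    return f"ok: sent {form.get('amount')} to {form.get('to')}"


def render_form(session: dict) -> str:
    # The legitimate page embeds the token; a page on another origin
    # cannot read it out of the victim's browser (same-origin policy).
    token = issue_csrf_token(session)  # token_urlsafe output is attribute-safe
    return (f'<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<input name="to"><input name="amount"><button>Send</button></form>')


if __name__ == "__main__":
    session = {}  # constructed: the victim's logged-in session
    render_form(session)
    # Request produced by the real form:
    print(handle_transfer(session, {"csrf_token": session["csrf_token"],
                                    "to": "alice", "amount": "10"}))
    # Request produced by an attacker's page: the cookie rides along, but
    # the form lacks the token, so the handler refuses it.
    print(handle_transfer(session, {"to": "attacker", "amount": "10"}))
```

Setting the session cookie with SameSite=Lax or Strict is a second, independent layer; the token check above works even in browsers that ignore SameSite.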
6. What is a common defense against XSS attacks?
• A) Using CAPTCHA
• B) Encrypting user data
• C) Implementing input validation and output encoding
• D) Blocking UDP traffic
Answer: C) Implementing input validation and output encoding
Explanation: Output encoding appropriate to the context where the data lands (HTML text, attribute, JavaScript, URL) is the primary defence: untrusted data is rendered as data, not markup. Input validation narrows what reaches the template in the first place, and a Content Security Policy limits the damage if an encoding step is missed.
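Context-specific output encoding, as an added example that is not part of the quiz: one untrusted value rendered into HTML text, an attribute, and a script block, first naively and then encoded for the context. The payloads, the mini template and the allow-list rule for usernames are constructed for this example.

```python
"""Added example (not from the quiz): untrusted input rendered into three
HTML contexts, naively and encoded.  Payloads, template and the username
allow-list are constructed for this example."""
import html
import json
import re

# Constructed payloads, each aimed at the context it is dropped into.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'
SCRIPT_PAYLOAD = "</script><script>alert(1)</script>"


def render_vulnerable(name: str) -> str:
    # Untrusted data spliced straight into markup: the browser cannot
    # tell the attacker's tags and attributes from the page's own.
    return f'<p>Hello {name}</p><input value="{name}">'


def render_encoded(name: str) -> str:
    # HTML text and quoted-attribute contexts: html.escape(quote=True)
    # turns & < > " ' into entities, so the value can neither open a
    # tag nor close the attribute it sits in.
    safe = html.escape(name, quote=True)
    return f'<p>Hello {safe}</p><input value="{safe}">'


def render_script_context(name: str) -> str:
    # Inside <script> the HTML encoder is the wrong tool: script text is
    # not entity-decoded, and the element ends at the first '</script'
    # regardless of JavaScript string quoting.  Serialize as a JSON
    # string and additionally escape '</' so no closing tag can appear.
    literal = json.dumps(name).replace("</", "<\\/")
    return f"<script>var user = {literal};</script>"


def valid_username(name: str) -> bool:
    # Input validation as the second layer: allow-list the alphabet of
    # fields whose format is known (assumed policy for this example).
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,32}", name) is not None


def injected_markup(out: str) -> bool:
    # Crude self-check for the two HTML renderers: a raw <script tag or
    # an event-handler attribute that survived into the output.
    return bool(re.search(r'<script\b|\son\w+="', out))


if __name__ == "__main__":
    for render in (render_vulnerable, render_encoded):
        for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD):
            out = render(payload)
            print(f"{render.__name__}: injected={injected_markup(out)} {out}")
    print(render_script_context(SCRIPT_PAYLOAD))
```

The script-context function is the case most often missed: an HTML-escaped value inside a `<script>` block stays escaped (`&lt;` is not decoded there), while a JSON string without the `</` escape still lets `</script>` end the element.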
7. What is the primary risk of a directory traversal attack?
• A) Gaining administrator privileges
• B) Extracting files outside the web root directory
• C) Manipulating server-side code
• D) Modifying DNS records
Answer: B) Extracting files outside the web root directory
Explanation: Directory traversal supplies path components such as ../ (often URL-encoded as %2e%2e%2f) in a file-name parameter so the application reads a file outside the directory it meant to serve from, for example configuration files, source code or credentials readable by the web server process.
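A file-serving helper the naive way and the hardened way, as an added example that is not part of the quiz. The web root, its index page and the secret file one directory above it are created in a temporary directory for this example.

```python
"""Added example (not from the quiz): serving a file under a fixed web
root.  The naive join follows '..'; the safe version canonicalizes the
path and checks it stays inside the root.  Files are constructed in a
temporary directory."""
import os
import tempfile
from urllib.parse import unquote


def setup_root() -> str:
    # Constructed layout:  <base>/www/index.html  and  <base>/secret.txt
    base = tempfile.mkdtemp()
    root = os.path.join(base, "www")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("TOP SECRET")
    return root


def read_vulnerable(root: str, requested: str) -> str:
    # os.path.join keeps '..' components (and an absolute `requested`
    # discards `root` entirely), so the OS resolves the escape for us.
    with open(os.path.join(root, unquote(requested))) as f:
        return f.read()


def read_safe(root: str, requested: str):
    # 1. decode once and drop leading slashes so the path stays relative
    # 2. canonicalize root and candidate (resolves '..' and symlinks)
    # 3. serve only a regular file strictly inside the canonical root
    real_root = os.path.realpath(root)
    relative = unquote(requested).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(real_root, relative))
    inside = (candidate != real_root
              and os.path.commonpath([real_root, candidate]) == real_root)
    if not inside or not os.path.isfile(candidate):
        return None  # refuse: traversal attempt, directory, or missing file
    with open(candidate) as f:
        return f.read()


if __name__ == "__main__":
    root = setup_root()
    for req in ("index.html", "../secret.txt", "%2e%2e%2fsecret.txt"):
        print(f"{req!r}: vulnerable -> {read_vulnerable(root, req)!r}, "
              f"safe -> {read_safe(root, req)!r}")
```

The `commonpath` comparison after `realpath` is what matters: a plain string-prefix test would accept `/srv/www-old/secret` as being under `/srv/www`, and checking before canonicalization would miss a symlink inside the root that points outside it.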
8. Which attack manipulates an insecure deserialization vulnerability?
• A) LDAP Injection
• B) XML Injection
• C) Deserialization Attack
• D) Clickjacking
Answer: C) Deserialization Attack
Explanation: Insecure deserialization occurs when an application rebuilds objects from data the attacker controls (a cookie, a form field, a queued message). The attacker supplies serialized data that, when deserialized, instantiates classes whose constructors, setters or lifecycle methods ("gadget chains") perform actions the application never intended, up to remote code execution. Only deserialize untrusted input with formats that cannot instantiate arbitrary types, such as plain JSON into fixed schemas.
9. Which tool is best for performing brute force attacks on web login pages?
• A) Nikto
• B) John the Ripper
• C) Hydra
• D) Metasploit
Answer: C) Hydra
Explanation: Hydra performs online brute-force and password-spraying attacks against live login services, including web forms through its http-post-form and http-get-form modules. John the Ripper cracks captured password hashes offline rather than attacking a login page, Nikto scans web servers for known misconfigurations, and Metasploit is an exploitation framework.
10. Which HTTP header can mitigate clickjacking attacks?
• A) X-Frame-Options
• B) Content-Type
• C) Strict-Transport-Security
• D) Cache-Control
Answer: A) X-Frame-Options
Explanation: X-Frame-Options: DENY or SAMEORIGIN tells the browser not to render the page inside a frame on another origin, so an invisible overlaid frame cannot capture the victim's clicks. The Content-Security-Policy frame-ancestors directive supersedes it in current browsers and is honoured when both are present; send both, and do not rely on the ALLOW-FROM value, which current browsers ignore.
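An offline check over response headers that says whether a page can be framed by another origin, as an added example that is not part of the quiz. The header sets are constructed for this example; the rules encoded are that a CSP frame-ancestors directive is what current browsers honour when present (X-Frame-Options is then ignored), that X-Frame-Options DENY or SAMEORIGIN otherwise protects, and that ALLOW-FROM is treated as no protection.

```python
"""Added example (not from the quiz): audit response headers for
clickjacking exposure.  Sample header sets are constructed here."""


def frame_ancestors_sources(csp: str):
    # Return the source list of the frame-ancestors directive, or None
    # when the policy has no such directive.
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def cross_origin_framing_allowed(headers: dict) -> bool:
    # True when some origin other than the page's own could embed it.
    lower = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors_sources(lower.get("content-security-policy", ""))
    if sources is not None:
        # CSP takes precedence over X-Frame-Options.  'none' and 'self'
        # admit no third party; anything else ('*', a host, a scheme) is
        # an allow-list to review.  An empty list is treated like 'none'.
        return not all(s.lower() in ("'none'", "'self'") for s in sources)
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return False
    return True  # missing, ALLOW-FROM, or malformed value: no protection


# Constructed sample responses (headers only).
SAMPLES = {
    "no header": {"Content-Type": "text/html"},
    "xfo deny": {"X-Frame-Options": "DENY"},
    "xfo sameorigin": {"x-frame-options": "sameorigin"},
    "xfo allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp none": {"Content-Security-Policy":
                 "default-src 'self'; frame-ancestors 'none'"},
    "csp overrides xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
}


def audit(samples=SAMPLES) -> dict:
    # Map each sample name to whether cross-origin framing is allowed.
    return {name: cross_origin_framing_allowed(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, allowed in audit().items():
        print(f"{name:20s} {'FRAMEABLE' if allowed else 'protected'}")
```

The "csp overrides xfo" sample is the trap worth remembering: adding a permissive frame-ancestors directive later silently cancels an existing X-Frame-Options: DENY.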
Bonus Question: What type of web attack exploits unsanitized user input in database queries?
• A) Cross-Site Scripting (XSS)
• B) SQL Injection (SQLi)
• C) Directory Traversal
• D) Clickjacking
Answer: B) SQL Injection (SQLi)
Explanation: SQL Injection occurs when user input is concatenated into a SQL statement instead of being passed as a bound parameter, letting the attacker execute unauthorized SQL commands and, typically, read or modify database contents.
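The query that question 1 and the bonus question describe, built by string concatenation and then with bound parameters, as an added example that is not part of the quiz. It runs against an in-memory SQLite database; the table, rows and login helpers are constructed for this example (a real application stores password hashes, not passwords).

```python
"""Added example (not from the quiz): a login query built by string
concatenation beside its parameterized form, run against an in-memory
SQLite database.  Table, rows and helpers are constructed here."""
import sqlite3

SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name: str, password: str) -> list:
    # The values become part of the SQL text, so a quote in either one
    # ends the string literal and the remainder is parsed as SQL.
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name: str, password: str) -> list:
    # Placeholders keep the SQL text fixed; the driver hands the values
    # to the engine as data, whatever characters they contain.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo() -> dict:
    conn = make_db()
    # Password-field payload: AND binds tighter than OR, so the injected
    # OR clause is true for every row and the password check is moot.
    tautology = "' OR '1'='1"
    # Name-field payload: '--' starts a SQL comment, discarding the rest
    # of the statement including the password comparison.
    comment = "alice'--"
    return {
        "tautology_vulnerable": login_vulnerable(conn, "alice", tautology),
        "tautology_parameterized": login_parameterized(conn, "alice", tautology),
        "comment_vulnerable": login_vulnerable(conn, comment, "wrong"),
        "comment_parameterized": login_parameterized(conn, comment, "wrong"),
        "legitimate": login_parameterized(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:25s} -> {rows}")
```

With the tautology payload the vulnerable query returns every user; with the comment payload it logs in as alice without a password. The parameterized version returns nothing for both, because the payload is compared as a literal password string.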