


1. What type of attack manipulates query parameters to exploit web databases?
• A) Cross-Site Scripting
• B) Command Injection
• C) SQL Injection
• D) Clickjacking
Answer: C) SQL Injection
Explanation: SQL Injection inserts malicious SQL queries into web forms to manipulate backend databases.
2. Which technique exploits web page scripts to execute malicious code in browsers?
• A) SQL Injection
• B) Cross-Site Scripting (XSS)
• C) Remote File Inclusion
• D) DNS Spoofing
Answer: B) Cross-Site Scripting (XSS)
Explanation: XSS allows attackers to inject malicious scripts into web pages viewed by other users.
3. Which HTTP method is most vulnerable to data exfiltration attacks?
• A) POST
• B) PUT
• C) DELETE
• D) GET
Answer: D) GET
Explanation: Sensitive data passed via GET URLs can be stored in logs or browser history, making it vulnerable.
4. Which tool is most commonly used for web application penetration testing?
• A) Nessus
• B) Burp Suite
• C) Wireshark
• D) Hydra
Answer: B) Burp Suite
Explanation: Burp Suite is a powerful toolkit for mapping, analyzing, and attacking web applications.
5. Which web attack exploits weak session management?
• A) CSRF
• B) Buffer Overflow
• C) Directory Traversal
• D) XXE Injection
Answer: A) CSRF
Explanation: Cross-Site Request Forgery (CSRF) manipulates authenticated users into executing unintended actions.
6. What is a common defense against XSS attacks?
• A) Using CAPTCHA
• B) Encrypting user data
• C) Implementing input validation and output encoding
• D) Blocking UDP traffic
Answer: C) Implementing input validation and output encoding
Explanation: Input validation and output encoding neutralize malicious data to prevent script execution.
7. What is the primary risk of a directory traversal attack?
• A) Gaining administrator privileges
• B) Extracting files outside the web root directory
• C) Manipulating server-side code
• D) Modifying DNS records
Answer: B) Extracting files outside the web root directory
Explanation: Directory traversal exploits path manipulation to access unauthorized files on the server.
8. Which attack manipulates an insecure deserialization vulnerability?
• A) LDAP Injection
• B) XML Injection
• C) Deserialization Attack
• D) Clickjacking
Answer: C) Deserialization Attack
Explanation: Deserialization attacks exploit insecure object deserialization to inject malicious code.
9. Which tool is best for performing brute force attacks on web login pages?
• A) Nikto
• B) John the Ripper
• C) Hydra
• D) Metasploit
Answer: C) Hydra
Explanation: Hydra efficiently performs automated brute-force attacks against web login pages.
10. Which HTTP header can mitigate clickjacking attacks?
• A) X-Frame-Options
• B) Content-Type
• C) Strict-Transport-Security
• D) Cache-Control
Answer: A) X-Frame-Options
Explanation: The X-Frame-Options header prevents web pages from being embedded in iframes, blocking clickjacking attempts.
Bonus question: What type of web attack exploits unsanitized user input in database queries?
• A) Cross-Site Scripting (XSS)
• B) SQL Injection (SQLi)
• C) Directory Traversal
• D) Clickjacking
Answer: B) SQL Injection (SQLi)
Explanation: SQL Injection occurs when attackers manipulate user input to execute unauthorized SQL commands, often exposing database contents.
 By Edward Henriquez
