Part 8: Web Application Attacks (15 Questions)
⸻
Which attack exploits unsanitized user input to execute malicious SQL commands?
• A) Cross-Site Scripting (XSS)
• B) SQL Injection (SQLi)
• C) Directory Traversal
• D) Session Hijacking
Answer: B) SQL Injection (SQLi)
Which web attack aims to execute malicious scripts in a victim’s browser via trusted websites?
• A) Cross-Site Scripting (XSS)
• B) Cross-Site Request Forgery (CSRF)
• C) Broken Authentication
• D) IDOR Attack
Answer: A) Cross-Site Scripting (XSS)
What is the primary goal of a Cross-Site Request Forgery (CSRF) attack?
• A) To trick the victim into executing unintended actions on a trusted site
• B) To capture session cookies
• C) To escalate user privileges
• D) To perform remote code execution
Answer: A) To trick the victim into executing unintended actions on a trusted site
Which HTTP method is most commonly exploited in file upload vulnerabilities?
• A) GET
• B) POST
• C) PUT
• D) DELETE
Answer: C) PUT
An attacker manipulates URL parameters to gain unauthorized access to resources. What attack is this?
• A) IDOR Attack
• B) CSRF Attack
• C) XSS Attack
• D) SQL Injection
Answer: A) IDOR Attack
What security vulnerability allows attackers to bypass authentication mechanisms via URL manipulation?
• A) Directory Traversal
• B) Command Injection
• C) Path Manipulation
• D) Broken Access Control
Answer: D) Broken Access Control
Which attack relies on injecting malicious commands directly into a vulnerable web application’s operating system?
• A) SQL Injection
• B) Command Injection
• C) Remote File Inclusion (RFI)
• D) Cross-Site Scripting (XSS)
Answer: B) Command Injection
Which web attack technique manipulates input fields to bypass client-side validation and inject malicious payloads?
• A) Form Injection
• B) SQL Injection
• C) Buffer Overflow
• D) LDAP Injection
Answer: D) LDAP Injection
What security header can help mitigate Cross-Site Scripting (XSS) attacks?
• A) X-Content-Type-Options
• B) Strict-Transport-Security
• C) Content-Security-Policy (CSP)
• D) Cache-Control
Answer: C) Content-Security-Policy (CSP)
Which web attack exploits weak session management by stealing or predicting session tokens?
• A) Clickjacking
• B) Cookie Poisoning
• C) Session Hijacking
• D) IDOR Attack
Answer: C) Session Hijacking
What is the primary goal of a Clickjacking attack?
• A) To inject malicious code into web forms
• B) To trick users into clicking invisible elements
• C) To modify cookie values
• D) To manipulate URL parameters
Answer: B) To trick users into clicking invisible elements
An attacker uses ../../etc/passwd in a URL to gain unauthorized access to system files. What attack is this?
• A) SQL Injection
• B) Directory Traversal
• C) Remote File Inclusion (RFI)
• D) Path Manipulation
Answer: B) Directory Traversal
Which OWASP Top 10 vulnerability relates to failing to properly validate uploaded files?
• A) Injection
• B) Security Misconfiguration
• C) Insecure Deserialization
• D) Unrestricted File Upload
Answer: D) Unrestricted File Upload
What type of attack involves including malicious scripts in web pages that execute on other users’ browsers?
• A) DOM-based XSS
• B) Stored XSS
• C) Reflected XSS
• D) Blind XSS
Answer: B) Stored XSS
Which tool is widely used for discovering web application vulnerabilities through automated scanning?
• A) Hydra
• B) Nikto
• C) John the Ripper
• D) Metasploit
Answer: B) Nikto