Module 14 - Hacking Web Application (EC Mode Part 01) Flashcards
Which of the following attacks can take place due to flaws such as insecure cryptographic storage and information leakage?
A. SQL injection
B. Command injection
C. Sensitive data exposure
D. Shell injection
Answer: C. Sensitive data exposure
Which of the following attacks exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users?
A. Broken access control
B. Security misconfiguration
C. Cross-site scripting
D. Sensitive data exposure
Answer: C. Cross-site scripting
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application has been developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field: <IMG SRC=vbscript:msgbox(“Vulnerable”);>
When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable.”
Which web application vulnerability did the analyst discover?
A. SQL injection
B. Command injection
C. Cross-site scripting
D. Cross-site request forgery
Answer: C. Cross-site scripting
An attacker has been successfully modifying the purchase price of items purchased on the company’s website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?
A. By using cross site scripting
B. By changing hidden form values
C. By using SQL injection
D. By utilizing a buffer overflow attack
Answer: B. By changing hidden form values
An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim’s machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this?
A. Phishing attack
B. Water hole attack
C. Denial-of-service attack
D. Jamming attack
Answer: B. Water hole attack
Which of the following application security risks occurs as a result of failure in the implementation of proper key management systems or using old keys for protecting the sensitive data of an organization?
A. Cryptographic failures
B. Injection
C. Security misconfiguration
D. Software and data integrity failures
Answer: A. Cryptographic failures
Which of the following application security risks can arise as a result of downloading updates from unauthorized or previously trusted sources without conducting sufficient security checks?
A. Vulnerable and outdated components
B. Identification and authentication failures
C. Security logging and monitoring failures
D. Software and data integrity failures
Answer: D. Software and data integrity failures
Identify the application security risk that can arise because of inappropriate alert mechanisms for failed-login attempts, or because the application cannot identify threats in advance, which may result in leakage of sensitive information.
A. Vulnerable and outdated components
B. Security logging and monitoring failures
C. Server-side request forgery
D. Injection
Answer: B. Security logging and monitoring failures
Which of the following is a web security vulnerability that arises when remote resources are obtained by an application without verifying the URL entered by the user and are exploited by the attackers to read or modify internal resources and steal sensitive information?
A. Identification and authentication failures
B. Server-side request forgery
C. Software and data integrity failures
D. Insecure design
Answer: B. Server-side request forgery
Which of the following is a vulnerability that allows attackers to add their parameters to a URL to redirect users from trusted websites to malicious sites where they can steal sensitive user data and redirect users back to the original website?
A. Direct timing attack
B. Banner grabbing
C. Header-based open redirection
D. Open redirection
Answer: D. Open redirection
Which of the following involves the process of modifying the HTTP location header to redirect users to a malicious page without their knowledge?
A. LDAP injection
B. HTML injection
C. Header-based open redirection
D. Directory traversal
Answer: C. Header-based open redirection
Which of the following attacks is also known as a related-domain attack, which occurs when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page?
A. Direct timing attack
B. DoS attack
C. Same-site attack
D. SQL injection attack
Answer: C. Same-site attack
Which of the following attacks occurs when attackers obtain a clone of a cookie from the user’s browser and use it to establish a session with the target web server and further allow attackers to access a user’s web services without providing any identity?
A. DNS rebinding attack
B. Pass-the-cookie attack
C. SSRF attack
D. Connection string parameter pollution
Answer: B. Pass-the-cookie attack
In which of the following types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance?
A. HTML injection
B. HTML embedding
C. Shell injection
D. File injection
Answer: A. HTML injection
Which of the following attacks allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection?
A. Obfuscation application
B. Network access attack
C. Cookie snooping
D. Authentication hijacking
Answer: A. Obfuscation application
Which of the following is a timing attack performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced?
A. Cross-site timing attack
B. Browser-based timing attack
C. Direct timing attack
D. Cache storage timing attack
Answer: C. Direct timing attack
Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user’s web browser to send a request to a vulnerable website through a malicious web page?
A. Cookie snooping
B. Hidden field manipulation
C. Cross-site request forgery
D. Web service attack
Answer: C. Cross-site request forgery
In which of the following attacks does an attacker load the target website inside a low-opacity iframe?
A. RC4 NOMORE attack
B. Clickjacking attack
C. DNS rebinding attack
D. JavaScript hijacking
Answer: B. Clickjacking attack
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
A. Web application patches
B. A security certification for hardened web applications
C. An extensible security framework named COBIT
D. A list of flaws and how to fix them
Answer: D. A list of flaws and how to fix them
Which vulnerability is detected when a pop-up box appears on the screen with the text “Testing Testing Testing” after inserting the following test script into the search area on a company’s website?
A. Cross-site scripting
B. Hybrid attack
C. Buffer overflow
D. Password attacks
Answer: A. Cross-site scripting.
Which of the following attacks involves an attacker loading the target website inside a low-opacity iframe?
A. RC4 NOMORE attack
B. Clickjacking attack
C. DNS rebinding attack
D. JavaScript hijacking
Answer: B. Clickjacking attack
Which type of attack can occur due to flaws such as insecure cryptographic storage and information leakage?
A. Command injection
B. Sensitive data exposure
C. SQL injection
D. Shell injection
Answer: B. Sensitive data exposure
Which type of attack exploits vulnerabilities in dynamically generated webpages and enables malicious attackers to inject client-side scripts into webpages viewed by other users?
A. Cross-site scripting
B. Security misconfiguration
C. Sensitive data exposure
D. Broken access control
Answer: A. Cross-site scripting
What is the term used for a vulnerability that occurs when a threat detection software installed in an organization’s network fails to record a malicious event or ignores important details about the event?
A. Security Logging and Monitoring Failures
B. Sensitive data exposure
C. Security misconfiguration
D. Broken access control
Answer: A. Security Logging and Monitoring Failures
An attacker has been successfully modifying the purchase price of items purchased on a company’s website. The security administrators have verified that the webserver and Oracle database have not been directly compromised, and the intrusion detection system (IDS) logs show no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?
A. By using cross-site scripting
B. By changing hidden form values
C. By utilizing a buffer overflow attack
D. By using SQL injection
Answer: B. By changing hidden form values
Which condition must be met to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application?
A. The web application should not use random tokens.
B. The victim user must open a malicious link with Firefox prior to version 3.
C. The session cookies generated by the application do not have the HttpOnly flag set.
D. The victim user must open a malicious link with Internet Explorer prior to version 8.
Answer: A. The web application should not use random tokens.
Which application security risk occurs as a result of failure in the implementation of proper key management systems or using old keys for protecting the sensitive data of an organization?
A. Injection
B. Cryptographic failures
C. Security misconfiguration
D. Software and data integrity failures
Answer: B. Cryptographic failures
Robert, a security professional, discovered that certain application functions related to session management and user validation methods were poorly implemented while examining a web application for potential vulnerabilities and protection from evolving threats. What type of application security risk did he discover in the scenario?
A. Cryptographic failures
B. Vulnerable and outdated components
C. Security logging and monitoring failures
D. Identification and authentication failures
Answer: D. Identification and authentication failures
Which of the following application security risks can arise from downloading updates from unauthorized or previously trusted sources without conducting sufficient security checks?
A. Vulnerable and outdated components
B. Security logging and monitoring failures
C. Software and data integrity failures
D. Identification and authentication failures
Answer: C. Software and data integrity failures
Which application security risk can arise due to inappropriate alert mechanisms for failed-login attempts or the inability of an application to identify threats in advance, which may result in leakage of sensitive information?
A. Vulnerable and outdated components
B. Security logging and monitoring failures
C. Server-side request forgery
D. Injection
Answer: B. Security logging and monitoring failures
Which of the following attacks is also known as a related-domain attack, which occurs when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page?
A. DoS attack
B. Same-site attack
C. Direct timing attack
D. SQL injection attack
Answer: B. Same-site attack
Kristine, a user, was attempting to browse a website www.certifiedhacker.com. Alex, an attacker, on the other hand, redirected Kristine to a dangling site rans.certifiedhacker.com by luring Kristine into believing that the redirected site is a legitimate one. Kristine submitted her credentials on the malicious site, which Alex obtained.
In the above scenario, Kristine was redirected to a malicious site by an attacker who lured her into believing that the redirected site was legitimate. She submitted her credentials on the malicious site, which the attacker obtained. What type of attack did the attacker perform?
A. Source code disclosure
B. Buffer overflow attack
C. Same-site attack
D. SSH bruteforce attack
Answer: C. Same-site attack
Which of the following attacks occurs when attackers obtain a clone of a cookie from the user’s browser and use it to establish a session with the target web server, allowing them to access a user’s web services without providing any identity?
A. Pass-the-cookie attack
B. SSRF attack
C. Connection string parameter pollution
D. DNS rebinding attack
Answer: A. Pass-the-cookie attack
Which of the following is a security risk that arises due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?
A. Broken authentication
B. Security misconfiguration
C. Injection
D. Sensitive data exposure
Answer: A. Broken authentication
Which clickjacking technique involves an attacker creating an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor? When the user clicks on this cursor, it will be registered on a malicious page.
A. Rapid content replacement
B. Hidden overlay
C. Click event dropping
D. Complete transparent overlay
Answer: B. Hidden overlay
Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping, or when an application updates an existing web page with user-supplied data?
A. Security misconfiguration
B. Components with known vulnerabilities
C. XML external entity (XXE)
D. Cross-site scripting (XSS)
Answer: D. Cross-site scripting (XSS)
Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user’s web browser to send a request to a vulnerable website through a malicious web page?
A. Hidden field manipulation
B. Cross-site request forgery
C. Cookie snooping
D. Web service attack
Answer: B. Cross-site request forgery (CSRF)
In which of the following attacks does an attacker trick or attract a user into accessing a legitimate web server using an explicit session ID value?
A. Malicious file execution
B. Session fixation attack
C. Security management exploits
D. Failure to restrict URL access
Answer: B. Session fixation attack
While testing web applications, you attempt to insert the following test script into the search area on the company’s website:
alert(“Testing Testing Testing”)
After pressing the search button, a pop-up box appears on your screen with the text “Testing Testing Testing.” What vulnerability is detected in the web application here?
A. A buffer overflow
B. Password attacks
C. A hybrid attack
D. Cross-site scripting
Answer: D. Cross-site scripting (XSS)
Which of the following involves the injection of malicious HTML code through a web application?
A. Shell injection
B. LDAP injection
C. SQL injection
D. Cross-site scripting (XSS)
Answer: A. Shell injection
An attacker is successful in exploiting a web application by tampering with the form and parameter of the web application. Which type of vulnerability did the attacker exploit?
A. Security misconfiguration
B. Broken access control
C. SQL injection
D. Cross-site scripting (XSS)
Answer: A. Security misconfiguration
An attacker identifies the kind of websites a target company/individual frequently surfs and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim’s machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of attack is this?
A. Denial-of-service attack
B. Jamming attack
C. Phishing attack
D. Water hole attack
Answer: D. Water hole attack
Identify the application security flaw that allows attackers to perform brute-forcing, password spraying, and other automated attacks to compromise the account passwords because of poor session management and validation mechanisms.
A. Software and data integrity failures
B. Server-side request forgery
C. Vulnerable and outdated components
D. Identification and authentication failures
Answer: D. Identification and authentication failures
Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft?
A. Insufficient transport layer protection
B. Improper error handling
C. Parameter/form tampering
D. Unvalidated inputs
Answer: A. Insufficient transport layer protection
One of the following is a clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor. When the user clicks on this cursor, it will be registered on a malicious page. Which is this clickjacking technique?
A. Complete transparent overlay
B. Hidden overlay
C. Click event dropping
D. Rapid content replacement
Answer: B. Hidden overlay
Which of the following is an attack that can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant?
A. Platform exploits
B. Network access attacks
C. Buffer overflow
D. CAPTCHA attacks
Answer: B. Network access attacks
An attacker successfully exploited a web application by tampering with the form and parameter of the web application. Which type of vulnerability did the attacker exploit?
A. Broken access control
B. SQL injection
C. Sensitive data exposure
D. Security misconfiguration
Answer: A. Broken access control
What type of vulnerability did the attacker exploit when he tampered with the form and parameter of a web application and gained access?
A. SQL injection
B. Security misconfiguration
C. Broken access control
D. Sensitive data exposure
Answer: B. Security misconfiguration
What kind of vulnerability occurs when a threat detection software installed in an organization’s network fails to record a malicious event or ignores important details about the event?
A. Security Logging and Monitoring Failures
B. Security misconfiguration
C. Sensitive data exposure
D. Broken access control
Answer: A. Security Logging and Monitoring Failures.
What is the most likely way an attacker has been able to modify the purchase price of items purchased on a company’s website, given that the webserver and Oracle database have not been directly compromised and intrusion detection system logs show no attacks?
A. By using SQL injection
B. By changing hidden form values
C. By utilizing a buffer overflow attack
D. By using cross site scripting
Answer: B. By changing hidden form values.
Which of the following application security risks occurs as a result of failure in the implementation of proper key management systems or using old keys for protecting the sensitive data of an organization?
A. Software and data integrity failures
B. Security misconfiguration
C. Cryptographic failures
D. Injection
Answer: C. Cryptographic failures.
What type of application security risk did Robert discover when examining a web application and finding poorly implemented session management and user validation methods?
A. Cryptographic failures
B. Security logging and monitoring failures
C. Identification and authentication failures
D. Vulnerable and outdated components
Answer: C. Identification and authentication failures.
Which of the following application security risks can occur as a result of downloading updates from unauthorized or previously trusted sources without conducting sufficient security checks?
A. Identification and authentication failures
B. Vulnerable and outdated components
C. Security logging and monitoring failures
D. Software and data integrity failures
Answer: D. Software and data integrity failures
What application security risk can arise due to inappropriate alert mechanisms for failed-login attempts, or the application’s inability to identify threats in advance, which may result in the leakage of sensitive information?
A. Injection
B. Server-side request forgery
C. Vulnerable and outdated components
D. Security logging and monitoring failures
Answer: D. Security logging and monitoring failures.
What web security vulnerability arises when remote resources are obtained by an application without verifying the URL entered by the user and are exploited by attackers to read or modify internal resources and steal sensitive information?
A. Software and data integrity failures
B. Server-side request forgery
C. Insecure design
D. Identification and authentication failures
Answer: B. Server-side request forgery.
What is the vulnerability that allows attackers to add their parameters to a URL to redirect users from trusted websites to malicious sites where they can steal sensitive user data and redirect users back to the original website?
A. Banner grabbing
B. Open redirection
C. Direct timing attack
D. Header-based open redirection
Answer: B. Open redirection.
What attack is also known as a related-domain attack, which occurs when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page?
A. DoS attack
B. Direct timing attack
C. Same-site attack
D. SQL injection attack
Answer: C. Same-site attack.
What type of attack did Alex perform in the scenario where he redirected a user to a dangling site and obtained their credentials?
A. Buffer overflow attack
B. Same-site attack
C. SSH bruteforce attack
D. Source code disclosure
Answer: B. Same-site attack.
What is the security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?
A. Security misconfiguration
B. Broken authentication
C. Sensitive data exposure
D. Injection
Answer: B. Broken authentication.
What timing attack is performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced?
A. Browser-based timing attack
B. Direct timing attack
C. Cache storage timing attack
D. Cross-site timing attack
Answer: B. Direct timing attack.
What is the clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor, so when the user clicks on this cursor, it will be registered on a malicious page?
A. Complete transparent overlay
B. Hidden overlay
C. Click event dropping
D. Rapid content replacement
Answer: B. Hidden overlay.
What is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data?
A. Cross-site scripting (XSS)
B. XML external entity (XXE)
C. Security misconfiguration
D. Components with known vulnerabilities
Answer: A. Cross-site scripting (XSS).
What attack can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant?
A. Buffer overflow
B. Network access attacks
C. CAPTCHA attacks
D. Platform exploits
Answer: B. Network access attacks.
While testing web applications, you attempt to insert the following test script into the search area on the company’s website:
alert(“Testing Testing Testing”)
Afterwards, when you press the search button, a pop-up box appears on your screen with the text, “Testing Testing Testing.”
What vulnerability is detected in the web application when the following test script is inserted into the search area on the company’s website?
A. Buffer overflow
B. Password attacks
C. A hybrid attack
D. Cross-site scripting
Answer: D. Cross-site scripting
An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit?
A. SQL injection
B. Broken access control
C. Security misconfiguration
D. Sensitive data exposure
Answer: C. Security misconfiguration
If threat detection software installed in an organization’s network either does not record a malicious event or ignores important details about the event, what kind of vulnerability is it?
A. Security misconfiguration
B. Sensitive data exposure
C. Security Logging and Monitoring Failures
D. Broken access control
Answer: C. Security Logging and Monitoring Failures
During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability?
A. The victim user should not have an endpoint security solution.
B. The session cookies do not have the HttpOnly flag set.
C. The web application does not have the secure flag set.
D. The victim’s browser must have ActiveX technology enabled.
Answer: B. The session cookies do not have the HttpOnly flag set.
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application has been developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field: <IMG SRC=vbscript:msgbox(“Vulnerable”);> When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable.” Which web application vulnerability did the analyst discover?
A. Command injection
B. SQL injection
C. Cross-site scripting
D. Cross-site request forgery
Answer: C. Cross-site scripting
Which of the following conditions must be given to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application?
A. The victim user must open a malicious link with Internet Explorer prior to version 8.
B. The victim user must open a malicious link with Firefox prior to version 3.
C. The web application should not use random tokens.
D. The session cookies generated by the application do not have the HttpOnly flag set.
Answer: C. The web application should not use random tokens.
Robert, a security professional, examined a web application for discovering potential vulnerabilities and protecting it from evolving threats. During analysis, he discovered that certain application functions related to the session management and user validation methods were poorly implemented. Identify the type of application security risk discovered by Robert in the above scenario.
A. Cryptographic failures
B. Vulnerable and outdated components
C. Identification and authentication failures
D. Security logging and monitoring failures
Answer: C. Identification and authentication failures
Which of the following is a security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?
A. Sensitive data exposure
B. Injection
C. Security misconfiguration
D. Broken authentication
Answer: D. Broken authentication
Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data?
A. Security misconfiguration
B. XML external entity (XXE)
C. Components with known vulnerabilities
D. Cross-site scripting (XSS)
Answer: D. Cross-site scripting (XSS)
Which of the following is a clickjacking technique that overlays only the selected controls from a transparent page and involves masking buttons with hyperlinks and text labels containing false information?
A. Complete transparent overlay
B. Rapid content replacement
C. Click event dropping
D. Cropping
Answer: D. Cropping
While testing web applications, you attempt to insert the following test script into the search area on the company’s website:
alert(“Testing Testing Testing”)
Afterwards, when you press the search button, a pop-up box appears on your screen with the text, “Testing Testing Testing.” What vulnerability is detected in the web application here?
A. Cross-site scripting
B. Password attacks
C. A hybrid attack
D. A buffer overflow
Answer: A. Cross-site scripting
Robert, a security professional, examined a web application for discovering potential vulnerabilities and protecting it from evolving threats. During analysis, he discovered that certain application functions related to the session management and user validation methods were poorly implemented. Identify the type of application security risk discovered by Robert in the above scenario.
A. Vulnerable and outdated components
B. Cryptographic failures
C. Security logging and monitoring failures
D. Identification and authentication failures
Answer: D. Identification and authentication failures
What type of injection attack involves injecting HTML code into a webpage to change the website appearance?
A. HTML embedding
B. Shell injection
C. File injection
D. HTML injection
Answer: D. HTML injection
In which of the following attacks does an attacker trick or attract a user into accessing a legitimate web server using an explicit session ID value?
A. Security management exploits
B. Malicious file execution
C. Session fixation attack
D. Failure to restrict URL access
Answer: C. Session fixation attack
During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability?
A. The session cookies do not have the HttpOnly flag set.
B. The web application does not have the secure flag set.
C. The victim user should not have an endpoint security solution.
D. The victim’s browser must have ActiveX technology enabled.
Answer: A. The session cookies do not have the HttpOnly flag set.
An attacker has successfully modified the purchase price of items purchased on a company’s website. After verifying the web server and Oracle database have not been directly compromised and checking the intrusion detection system (IDS) logs, which showed no attacks that could have caused this, what is the most likely method used by the attacker to modify the purchase price?
A. By using SQL injection
B. By utilizing a buffer overflow attack
C. By using cross-site scripting
D. By changing hidden form values
Answer: D. By changing hidden form values
An attacker tests the websites that a target company/individual frequently visits to identify any possible vulnerabilities. After identifying the vulnerabilities, the attacker injects malicious script/code into the web application that can redirect the webpage and download malware onto the victim’s machine. Once the web application is infected, the attacker waits for the victim to access it. What type of attack is this?
A. Jamming attack
B. Denial-of-service attack
C. Watering hole attack
D. Phishing attack
Answer: C. Watering hole attack
Which of the following application security risks occurs as a result of the failure to implement proper key management systems or using old keys to protect the sensitive data of an organization?
A. Security misconfiguration
B. Cryptographic failures
C. Injection
D. Software and data integrity failures
Answer: B. Cryptographic failures
Which application security flaw allows attackers to perform brute-forcing, password spraying, and other automated attacks to compromise account passwords due to poor session management and validation mechanisms?
A. Vulnerable and outdated components
B. Server-side request forgery
C. Identification and authentication failures
D. Software and data integrity failures
Answer: C. Identification and authentication failures
Robert, a security professional, examined a web application to discover potential vulnerabilities and protect it from evolving threats. During the analysis, he discovered that certain application functions related to session management and user validation methods were poorly implemented.
What type of application security risk did Robert discover in the above scenario?
A. Identification and authentication failures
B. Security logging and monitoring failures
C. Cryptographic failures
D. Vulnerable and outdated components
Answer: A. Identification and authentication failures
Which application security risk can arise due to inappropriate alert mechanisms for failed login attempts, or the application’s inability to identify threats in advance, leading to the leakage of sensitive information?
A. Vulnerable and outdated components
B. Injection
C. Server-side request forgery
D. Security logging and monitoring failures
Answer: D. Security logging and monitoring failures
Which of the following is a web security vulnerability that arises when an application obtains remote resources without verifying the URL entered by the user, and attackers exploit it to read or modify internal resources and steal sensitive information?
A. Insecure design
B. Server-side request forgery
C. Identification and authentication failures
D. Software and data integrity failures
Answer: B. Server-side request forgery
Which of the following involves modifying the HTTP Location header to redirect users to a malicious page without their knowledge?
A. Header-based open redirection
B. LDAP injection
C. Directory traversal
D. HTML injection
Answer: A. Header-based open redirection
Kristine was attempting to browse a website, www.certifiedhacker.com, but Alex, an attacker, redirected Kristine to a dangling site, rans.certifiedhacker.com, by luring Kristine into believing that the redirected site is a legitimate one. Kristine submitted her credentials on the malicious site, which Alex obtained.
What type of attack did Alex perform in the above scenario?
A. SSH brute-force attack
B. Source code disclosure
C. Buffer overflow attack
D. Same-site attack
Answer: D. Same-site attack
Which of the following techniques allows an attacker to inject unusual characters into HTML code to bypass client-side controls?
A. Attack browser extensions
B. Evade XSS filters
C. Source-code review
D. Attack hidden form fields
Answer: B. Evade XSS filters
Which of the following HTTP service port numbers is used for connecting to a remote network server system?
A. Port 384
B. Port 88
C. Port 80
D. Port 81
Answer: A. Port 384
Which of the following techniques is used by an attacker to enumerate usernames from a target web application?
A. Dictionary attack
B. Cookie poisoning
C. Verbose failure message
D. Bypass SAML-based SSO
Answer: C. Verbose failure message
Which of the following is a built-in tool of Burp Suite that is used for inspecting and modifying traffic between a browser and a target application?
A. Intruder tool
B. Sequencer tool
C. Intercepting proxy
D. Application-aware
Answer: C. Intercepting proxy
Which of the following attacks allows an attacker to inject malicious content, modify the user’s online experience, and obtain unauthorized information?
A. Session prediction
B. Session brute-forcing
C. Session poisoning
D. Cross-site request forgery
Answer: C. Session poisoning
Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens?
A. Application-aware spider
B. Intruder tool
C. Sequencer tool
D. Intercepting proxy
Answer: C. Sequencer tool
What technique is used to perform a connection string parameter pollution (CSPP) attack?
A. Adding multiple parameters with the same name in HTTP requests
B. Injecting parameters into a connection string using semicolons as a separator
C. Setting a user’s session identifier (SID) to an explicit known value
D. Inserting malicious JavaScript code into input parameters
Answer: B. Injecting parameters into a connection string using semicolons as a separator
Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses?
A. Banners
B. Proxies
C. Firewalls
D. Web spiders
Answer: D. Web spiders
An attacker wants to exploit a webpage. From which of the following points does he start his attack process?
A. Identify server-side functionality
B. Identify entry points for user input
C. Identify server-side technologies
D. Map the attack surface
Answer: B. Identify entry points for user input
Which of the following data can be gathered by attackers after infecting the Google Chrome browser?
A. User’s spoken language
B. Legal documents related to the organization
C. Partners of the organization
D. News articles, press releases, and related documents
Answer: A. User’s spoken language
Which of the following is a DNS interrogation tool that allows an attacker to retrieve information about the location and type of servers related to the target web infrastructure?
A. Vega
B. Halberd
C. Domain Dossier
D. WAFW00F
Answer: C. Domain Dossier
Which of the following attacks can be performed using information regarding the database interaction of a target web application?
A. Directory traversal
B. Cross-site scripting
C. Username enumeration, password brute-forcing
D. SQL injection, data leakage
Answer: D. SQL injection, data leakage