Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CEH v12 Exam Prep "Hard" > Module 14 - Hacking Web Application ( EC Mode Part 01 ) > Flashcards

Module 14 - Hacking Web Application ( EC Mode Part 01 ) Flashcards

1
Q

Which of the following attacks can take place due to flaws such as insecure cryptographic storage and information leakage?

A. SQL injection
B. Command injection
C. Sensitive data exposure
D. Shell injection

A

Answer: C. Sensitive data exposure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following attacks exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users?

A. Broken access control
B. Security misconfiguration
C. Cross-site scripting
D. Sensitive data exposure

A

Answer: C. Cross-site scripting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application has been developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field: IMG SRC=vbscript:msgbox(“Vulnerable”);> originalAttribute=”SRC” originalPath=”vbscript:msgbox(“Vulnerable”);>”
When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable.”
Which web applications vulnerability did the analyst discover?

A. SQL injection
B. Command injection
C. Cross-site scripting
D. Cross-site request forgery

A

Answer: C. Cross-site scripting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An attacker has been successfully modifying the purchase price of items purchased on the company’s website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?

A. By using cross site scripting
B. By changing hidden form values
C. By using SQL injection
D. By utilizing a buffer overflow attack

A

Answer: B. By changing hidden form values

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim’s machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this?

A. Phishing attack
B. Water hole attack
C. Denial-of-service attack
D. Jamming attack

A

Answer: B. Water hole attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following application security risks occurs as a result of failure in the implementation of proper key management systems or using old keys for protecting the sensitive data of an organization?

A. Cryptographic failures
B. Injection
C. Security misconfiguration
D. Software and data integrity failures

A

Answer: A. Cryptographic failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following application security risks can be evolved as a result of downloading updates from unauthorized or previously trusted sources without conducting sufficient security checks?

A. Vulnerable and outdated components
B. Identification and authentication failures
C. Security logging and monitoring failures
D. Software and data integrity failures

A

Answer: D. Software and data integrity failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Identify the application security risk that can arise because of inappropriate alert mechanisms for failed-login attempts, or the application cannot identify threats in advance, which may result in leakage of sensitive information.?

A. Vulnerable and outdated components
B. Security logging and monitoring failures
C. Server-side request forgery
D. Injection

A

Answer: B. Security logging and monitoring failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is a web security vulnerability that arises when remote resources are obtained by an application without verifying the URL entered by the user and are exploited by the attackers to read or modify internal resources and steal sensitive information?

A. Identification and authentication failures
B. Server-side request forgery
C. Software and data integrity failures
D. Insecure design

A

Answer: B. Server-side request forgery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is a vulnerability that allows attackers to add their parameters to a URL to redirect users from trusted websites to malicious sites where they can steal sensitive user data and redirect users back to the original website?

A. Direct timing attack
B. Banner grabbing
C. Header-based open redirection
D. Open redirection

A

Answer: D. Open redirection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following involves the process of modifying the HTTP location header to redirect users to a malicious page without their knowledge?

A. LDAP injection
B. HTML injection
C. Header-based open redirection
D. Directory traversal

A

Answer: C. Header-based open redirection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following attacks is also known as a related-domain attack, which occurs when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page?

A. Direct timing attack
B. DoS attack
C. Same-site attack
D. SQL injection attack

A

Answer: C. Same-site attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following attacks occurs when attackers obtain a clone of a cookie from the user’s browser and use it to establish a session with the target web server and further allow attackers to access a user’s web services without providing any identity?

A. DNS rebinding attack
B. Pass-the-cookie attack
C. SSRF attack
D. Connection string parameter pollution

A

Answer: B. Pass-the-cookie attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

In which of the following types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance?

A. HTML injection
B. HTML embedding
C. Shell injection
D. File injection

A

Answer: A. HTML injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following attacks allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection?

A. Obfuscation application
B. Network access attack
C. Cookie snooping
D. Authentication hijacking

A

Answer: A. Obfuscation application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is a timing attack performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced?

A. Cross-site timing attack
B. Browser-based timing attack
C. Direct timing attack
D. Cache storage timing attack

A

Answer: C. Direct timing attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user’s web browser to send a request to a vulnerable website through a malicious web page?

A. Cookie snooping
B. Hidden field manipulation
C. Cross-site request forgery
D. Web service attack

A

Answer: C. Cross-site request forgery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

In which of the following attacks does an attacker load the target website inside a low-opacity iframe?

A. RC4 NOMORE attack
B. Clickjacking attack
C. DNS rebinding attack
D. JavaScript hijacking

A

Answer: B. Clickjacking attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A. Web application patches
B. A security certification for hardened web applications
C. An extensible security framework named COBIT
D. A list of flaws and how to fix them

A

Answer: D. A list of flaws and how to fix them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which vulnerability is detected when a pop-up box appears on the screen with the text “Testing Testing Testing” after inserting the following test script into the search area on a company’s website?

A. Cross-site scripting
B. Hybrid attack
C. Buffer overflow
D. Password attacks

A

Answer: A. Cross-site scripting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following attacks involves an attacker loading the target website inside a low-opacity iframe?

A. RC4 NOMORE attack
B. Clickjacking attack
C. DNS rebinding attack
D. JavaScript hijacking

A

Answer: B. Clickjacking attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which type of attack can occur due to flaws such as insecure cryptographic storage and information leakage?

A. Command injection
B. Sensitive data exposure
C. SQL injection
D. Shell injection

A

Answer: B. Sensitive data exposure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which type of attack exploits vulnerabilities in dynamically generated webpages and enables malicious attackers to inject client-side scripts into webpages viewed by other users?

A. Cross-site scripting
B. Security misconfiguration
C. Sensitive data exposure
D. Broken access control

A

Answer: A. Cross-site scripting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the term used for a vulnerability that occurs when a threat detection software installed in an organization’s network fails to record a malicious event or ignores important details about the event?

A. Security Logging and Monitoring Failures
B. Sensitive data exposure
C. Security misconfiguration
D. Broken access control

A

Answer: A. Security Logging and Monitoring Failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

An attacker has been successfully modifying the purchase price of items purchased on a company’s website. The security administrators have verified that the webserver and Oracle database have not been directly compromised, and the intrusion detection system (IDS) logs show no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?

A. By using cross-site scripting
B. By changing hidden form values
C. By utilizing a buffer overflow attack
D. By using SQL injection

A

Answer: B. By changing hidden form values

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which condition must be met to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application?

A. The web application should not use random tokens.
B. The victim user must open a malicious link with Firefox prior to version 3.
C. The session cookies generated by the application do not have the HttpOnly flag set.
D. The victim user must open a malicious link with an Internet Explorer prior to version 8.

A

Answer: A. The web application should not use random tokens.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Which application security risk occurs as a result of failure in the implementation of proper key management systems or using old keys for protecting the sensitive data of an organization?

A. Injection
B. Cryptographic failures
C. Security misconfiguration
D. Software and data integrity failures

A

Answer: B. Cryptographic failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Robert, a security professional, discovered that certain application functions related to session management and user validation methods were poorly implemented while examining a web application for potential vulnerabilities and protection from evolving threats. What type of application security risk did he discover in the scenario?

A. Cryptographic failures
B. Vulnerable and outdated components
C. Security logging and monitoring failures
D. Identification and authentication failures

A

Answer: D. Identification and authentication failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Which of the following application security risks can arise from downloading updates from unauthorized or previously trusted sources without conducting sufficient security checks?

A. Vulnerable and outdated components
B. Security logging and monitoring failures
C. Software and data integrity failures
D. Identification and authentication failures

A

Answer: C. Software and data integrity failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which application security risk can arise due to inappropriate alert mechanisms for failed-login attempts or the inability of an application to identify threats in advance, which may result in leakage of sensitive information?

A. Vulnerable and outdated components
B. Security logging and monitoring failures
C. Server-side request forgery
D. Injection

A

Answer: B. Security logging and monitoring failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

which of the following attacks is also known as a related-domain attack, which occurs when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page?

A. DoS attack
B. Same-site attack
C. Direct timing attack
D. SQL injection attack

A

Answer: B. Same-site attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Kristine, a user, was attempting to browse a website www.certifiedhacker.com. Alex, an attacker, on the other hand, redirected Kristine to a dangling site rans.certifiedhacker.com by luring Kristine into believing that the redirected site is a legitimate one. Kristine submitted her credentials on the malicious site, which Alex obtained.

In the above scenario, Kristine was redirected to a malicious site by an attacker who lured her into believing that the redirected site was legitimate. She submitted her credentials on the malicious site, which the attacker obtained. What type of attack did the attacker perform?

A. Source code disclosure
B. Buffer overflow attack
C. Same-site attack
D. SSH bruteforce attack

A

Answer: C. Same-site attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which of the following attacks occurs when attackers obtain a clone of a cookie from the user’s browser and use it to establish a session with the target web server, allowing them to access a user’s web services without providing any identity?

A. Pass-the-cookie attack
B. SSRF attack
C. Connection string parameter pollution
D. DNS rebinding attack

A

Answer: A. Pass-the-cookie attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Which of the following is a security risk that arises due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?

A. Broken authentication
B. Security misconfiguration
C. Injection
D. Sensitive data exposure

A

Answer: A. Broken authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Which clickjacking technique involves an attacker creating an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor? When the user clicks on this cursor, it will be registered on a malicious page.

A. Rapid content replacement
B. Hidden overlay
C. Click event dropping
D. Complete transparent overlay

A

Answer: B. Hidden overlay

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping, or when an application updates an existing web page with user-supplied data?

A. Security misconfiguration
B. Components with known vulnerabilities
C. XML external entity (XXE)
D. Cross-site scripting (XSS)

A

Answer: D. Cross-site scripting (XSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user’s web browser to send a request to a vulnerable website through a malicious web page?

A. Hidden field manipulation
B. Cross-site request forgery
C. Cookie snooping
D. Web service attack

A

Answer: B. Cross-site request forgery (CSRF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

In which of the following attacks does an attacker trick or attract a user into accessing a legitimate web server using an explicit session ID value?

A. Malicious file execution
B. Session fixation attack
C. Security management exploits
D. Failure to restrict URL access

A

Answer: B. Session fixation attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

While testing web applications, you attempt to insert the following test script into the search area on the company’s website:

alert(“Testing Testing Testing”)
After pressing the search button, a pop-up box appears on your screen with the text “Testing Testing Testing.” What vulnerability is detected in the web application here?

A. A buffer overflow
B. Password attacks
C. A hybrid attack
D. Cross-site scripting

A

Answer: D. Cross-site scripting (XSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Which of the following involves the injection of malicious HTML code through a web application?

A. Shell injection
B. LDAP injection
C. SQL injection
D. Cross-site scripting (XSS)

A

Answer: A. Shell injection

41
Q

An attacker is successful in exploiting a web application by tampering with the form and parameter of the web application. Which type of vulnerability did the attacker exploit?

A. Security misconfiguration
B. Broken access control
C. SQL injection
D. Cross-site scripting (XSS)

A

Answer: A. Security misconfiguration

42
Q

An attacker identifies the kind of websites a target company/individual frequently surfs and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim’s machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of attack is this?

A. Denial-of-service attack
B. Jamming attack
C. Phishing attack
D. Water hole attack

A

Answer: D. Water hole attack

43
Q

Identify the application security flaw that allows attackers to perform brute-forcing, password spraying, and other automated attacks to compromise the account passwords because of poor session management and validation mechanisms.?

A. Software and data integrity failures
B. Server-side request forgery
C. Vulnerable and outdated components
D. Identification and authentication failures

A

Answer: D. Identification and authentication failures

44
Q

Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft?

A. Insufficient transport layer protection
B. Improper error handling
C. Parameter/form tampering
D. Unvalidated inputs

A

Answer: A. Insufficient transport layer protection

45
Q

One of the following is a clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor. When the user clicks on this cursor, it will be registered on a malicious page. Which is this clickjacking technique?

A. Complete transparent overlay
B. Hidden overlay
C. Click event dropping
D. Rapid content replacement

A

Answer: B. Hidden overlay

46
Q

Which of the following is an attack that can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant?

A. Platform exploits
B. Network access attacks
C. Buffer overflow
D. CAPTCHA attacks

A

Answer: B. Network access attacks

47
Q

An attacker successfully exploited a web application by tampering with the form and parameter of the web application. Which type of vulnerability did the attacker exploit?

A. Broken access control
B. SQL injection
C. Sensitive data exposure
D. Security misconfiguration

A

Answer: A. Broken access control

48
Q

What type of vulnerability did the attacker exploit when he tampered with the form and parameter of a web application and gained access?

A. SQL injection
B. Security misconfiguration
C. Broken access control
D. Sensitive data exposure

A

Answer: B. Security misconfiguration

49
Q

What kind of vulnerability occurs when a threat detection software installed in an organization’s network fails to record a malicious event or ignores important details about the event?

A. Security Logging and Monitoring Failures
B. Security misconfiguration
C. Sensitive data exposure
D. Broken access control

A

Answer: A. Security Logging and Monitoring Failures.

50
Q

What is the most likely way an attacker has been able to modify the purchase price of items purchased on a company’s website, given that the webserver and Oracle database have not been directly compromised and intrusion detection system logs show no attacks?

A. By using SQL injection
B. By changing hidden form values
C. By utilizing a buffer overflow attack
D. By using cross site scripting

A

Answer: B. By changing hidden form values.

51
Q

Which of the following application security risks occurs as a result of failure in the implementation of proper key management systems or using old keys for protecting the sensitive data of an organization?

A. Software and data integrity failures
B. Security misconfiguration
C. Cryptographic failures
D. Injection

A

Answer: C. Cryptographic failures.

52
Q

What type of application security risk did Robert discover when examining a web application and finding poorly implemented session management and user validation methods?

A. Cryptographic failures
B. Security logging and monitoring failures
C. Identification and authentication failures
D. Vulnerable and outdated components

A

Answer: C. Identification and authentication failures.

53
Q

Which of the following application security risks can occur as a result of downloading updates from unauthorized or previously trusted sources without conducting sufficient security checks?

A. Identification and authentication failures
B. Vulnerable and outdated components
C. Security logging and monitoring failures
D. Software and data integrity failures

A

Answer: D. Software and data integrity failures

54
Q

What application security risk can arise due to inappropriate alert mechanisms for failed-login attempts, or the application’s inability to identify threats in advance, which may result in the leakage of sensitive information?

A. Injection
B. Server-side request forgery
C. Vulnerable and outdated components
D. Security logging and monitoring failures

A

Answer: D. Security logging and monitoring failures.

55
Q

What web security vulnerability arises when remote resources are obtained by an application without verifying the URL entered by the user and are exploited by attackers to read or modify internal resources and steal sensitive information?

A. Software and data integrity failures
B. Server-side request forgery
C. Insecure design
D. Identification and authentication failures

A

Answer: B. Server-side request forgery.

56
Q

What is the vulnerability that allows attackers to add their parameters to a URL to redirect users from trusted websites to malicious sites where they can steal sensitive user data and redirect users back to the original website?

A. Banner grabbing
B. Open redirection
C. Direct timing attack
D. Header-based open redirection

A

Answer: B. Open redirection.

57
Q

What attack is also known as a related-domain attack, which occurs when an attacker targets a subdomain of a trusted organization and attempts to redirect users to an attacker-controlled web page?

A. DoS attack
B. Direct timing attack
C. Same-site attack
D. SQL injection attack

A

Answer: C. Same-site attack.

58
Q

What type of attack did Alex perform in the scenario where he redirected a user to a dangling site and obtained their credentials?

A. Buffer overflow attack
B. Same-site attack
C. SSH bruteforce attack
D. Source code disclosure

A

Answer: B. Same-site attack.

59
Q

What is the security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?

A. Security misconfiguration
B. Broken authentication
C. Sensitive data exposure
D. Injection

A

Answer: B. Broken authentication.

60
Q

What timing attack is performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced?

A. Browser-based timing attack
B. Direct timing attack
C. Cache storage timing attack
D. Cross-site timing attack

A

Answer: B. Direct timing attack.

61
Q

What is the clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor, so when the user clicks on this cursor, it will be registered on a malicious page?

A. Complete transparent overlay
B. Hidden overlay
C. Click event dropping
D. Rapid content replacement

A

Answer: B. Hidden overlay.

62
Q

What is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data?

A. Cross-site scripting (XSS)
B. XML external entity (XXE)
C. Security misconfiguration
D. Components with known vulnerabilities

A

Answer: A. Cross-site scripting (XSS).

63
Q

What attack can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant?

A. Buffer overflow
B. Network access attacks
C. CAPTCHA attacks
D. Platform exploits

A

Answer: B. Network access attacks.

64
Q

While testing web applications, you attempt to insert the following test script into the search area on the company’s website:

alert(“Testing Testing Testing”)

Afterwards, when you press the search button, a pop up box appears on your screen with the text, “Testing Testing Testing.”

What vulnerability is detected in the web application when the following test script is inserted into the search area on the company’s website?

A. Buffer overflow
B. Password attacks
C. A hybrid attack
D. Cross-site scripting

A

Answer: D. Cross-site scripting

65
Q

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit?

A. SQL injection
B. Broken access control
C. Security misconfiguration
D. Sensitive data exposure

A

Answer: C. Security misconfiguration

66
Q

If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it?

A. Security misconfiguration
B. Sensitive data exposure
C. Security Logging and Monitoring Failures
D. Broken access control

A

Answer: C. Security Logging and Monitoring Failures

67
Q

During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability?

A. The victim user should not have an endpoint security solution.
B. The session cookies do not have the HttpOnly flag set.
C. The web application does not have the secure flag set.
D. The victim’s browser must have ActiveX technology enabled.

A

Answer: B. The session cookies do not have the HttpOnly flag set.

68
Q

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application has been developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field: IMG SRC=vbscript:msgbox(“Vulnerable”);> originalAttribute=”SRC” originalPath=”vbscript:msgbox(“Vulnerable”);>” When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable.” Which web application vulnerability did the analyst discover?

A. Command injection
B. SQL injection
C. Cross-site scripting
D. Cross-site request forgery

A

Answer: C. Cross-site scripting

69
Q

Which of the following conditions must be given to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application?

A. The victim user must open a malicious link with an Internet Explorer prior to version 8.
B. The victim user must open a malicious link with Firefox prior to version 3.
C. The web application should not use random tokens.
D. The session cookies generated by the application do not have the HttpOnly flag set.

A

Answer: C. The web application should not use random tokens.

70
Q

Robert, a security professional, examined a web application for discovering potential vulnerabilities and protecting it from evolving threats. During analysis, he discovered that certain application functions related to the session management and user validation methods were poorly implemented. Identify the type of application security risk discovered by Robert in the above scenario.?

A. Cryptographic failures
B. Vulnerable and outdated components
C. Identification and authentication failures
D. Security logging and monitoring failures

A

Answer: C. Identification and authentication failures

71
Q

Which of the following is a security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?

A. Sensitive data exposure
B. Injection
C. Security misconfiguration
D. Broken authentication

A

Answer: D. Broken authentication

72
Q

Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data?

A. Security misconfiguration
B. XML external entity (XXE)
C. Components with known vulnerabilities
D. Cross-site scripting (XSS)

A

Answer: D. Cross-site scripting (XSS)

73
Q

Which of the following is a clickjacking technique that overlays only the selected controls from a transparent page and involves masking buttons with hyperlinks and text labels containing false information?

A. Complete transparent overlay
B. Rapid content replacement
C. Click event dropping
D. Cropping

A

Answer: D. Cropping

74
Q

While testing web applications, you attempt to insert the following test script into the search area on the company’s website:

alert(“Testing Testing Testing”)
Afterwards, when you press the search button, a pop up box appears on your screen with the text, “Testing Testing Testing.” What vulnerability is detected in the web application here?

A. Cross-site scripting
B. Password attacks
C. A hybrid attack
D. A buffer overflow

A

Answer: A. Cross-site scripting

75
Q

Robert, a security professional, examined a web application for discovering potential vulnerabilities and protecting it from evolving threats. During analysis, he discovered that certain application functions related to the session management and user validation methods were poorly implemented. Identify the type of application security risk discovered by Robert in the above scenario.?

A. Vulnerable and outdated components
B. Cryptographic failures
C. Security logging and monitoring failures
D. Identification and authentication failures

A

Answer: D. Identification and authentication failures

76
Q

What type of injection attack involves injecting HTML code into a webpage to change the website appearance?

A. HTML embedding
B. Shell injection
C. File injection
D. HTML injection

A

Answer: D. HTML injection

77
Q

Which of the following attacks does an attacker trick or attract a user into accessing a legitimate web server using an explicit session ID value?

A. Security management exploits
B. Malicious file execution
C. Session fixation attack
D. Failure to restrict URL access

A

Answer: C. Session fixation attack

78
Q

During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability?

A. The session cookies do not have the HttpOnly flag set.
B. The web application does not have the secure flag set.
C. The victim user should not have an endpoint security solution.
D. The victim’s browser must have ActiveX technology enabled.

A

Answer: A. The session cookies do not have the HttpOnly flag set.

79
Q

An attacker has successfully modified the purchase price of items purchased on a company’s website. After verifying the web server and Oracle database have not been directly compromised and checking the intrusion detection system (IDS) logs, which showed no attacks that could have caused this, what is the most likely method used by the attacker to modify the purchase price?

A. By using SQL injection
B. By utilizing a buffer overflow attack
C. By using cross-site scripting
D. By changing hidden form values

A

Answer: D. By changing hidden form values

80
Q

An attacker tests the websites that a target company/individual frequently visits to identify any possible vulnerabilities. After identifying the vulnerabilities, the attacker injects malicious script/code into the web application that can redirect the webpage and download malware onto the victim’s machine. Once the web application is infected, the attacker waits for the victim to access it. What type of attack is this?

A. Jamming attack
B. Denial-of-service attack
C. Watering hole attack
D. Phishing attack

A

Answer: C. Watering hole attack

81
Q

Which of the following application security risks occurs as a result of the failure to implement proper key management systems or using old keys to protect the sensitive data of an organization?

A. Security misconfiguration
B. Cryptographic failures
C. Injection
D. Software and data integrity failures

A

Answer: B. Cryptographic failures

82
Q

Which application security flaw allows attackers to perform brute-forcing, password spraying, and other automated attacks to compromise account passwords due to poor session management and validation mechanisms?

A. Vulnerable and outdated components
B. Server-side request forgery
C. Identification and authentication failures
D. Software and data integrity failures

A

Answer: C. Identification and authentication failures

83
Q

Robert, a security professional, examined a web application for discovering potential vulnerabilities and protecting it from evolving threats. During the analysis, he discovered that certain application functions related to the session management and user validation methods were poorly implemented.

What type of application security risk did Robert discover in the above scenario?

A. Identification and authentication failures
B. Security logging and monitoring failures
C. Cryptographic failures
D. Vulnerable and outdated components

A

Answer: A. Identification and authentication failures

84
Q

Which application security risk can arise due to inappropriate alert mechanisms for failed login attempts, or the application’s inability to identify threats in advance, leading to the leakage of sensitive information?

A. Vulnerable and outdated components
B. Injection
C. Server-side request forgery
D. Security logging and monitoring failures

A

Answer: D. Security logging and monitoring failures

85
Q

Which of the following is a web security vulnerability that arises when an application obtains remote resources without verifying the URL entered by the user, and attackers exploit it to read or modify internal resources and steal sensitive information?

A. Insecure design
B. Server-side request forgery
C. Identification and authentication failures
D. Software and data integrity failures

A

Answer: B. Server-side request forgery

86
Q

Which of the following involves modifying the HTTP location header to redirect users to a malicious page without their knowledge?

A. Header-based open redirection
B. LDAP injection
C. Directory traversal
D. HTML injection

A

Answer: A. Header-based open redirection

87
Q

Kristine was attempting to browse a website, www.certifiedhacker.com, but Alex, an attacker, redirected Kristine to a dangling site, rans.certifiedhacker.com, by luring Kristine into believing that the redirected site is a legitimate one. Kristine submitted her credentials on the malicious site, which Alex obtained.

What type of attack did Alex perform in the above scenario?

A. SSH brute-force attack
B. Source code disclosure
C. Buffer overflow attack
D. Same-site attack

A

Answer: D. Same-site attack

88
Q

Which of the following techniques allows an attacker to inject unusual characters into HTML code to bypass client-side controls?

A. Attack browser extensions
B. Evade XSS filters
C. Source-code review
D. Attack hidden form fields

A

Answer: B. Evade XSS filters

89
Q

Which of the following HTTP service port numbers is used for connecting to a remote network server system?

A. Port 384
B. Port 88
C. Port 80
D. Port 81

A

Answer: A. Port 384

90
Q

Which of the following techniques is used by an attacker to enumerate usernames from a target web application?

A. Dictionary attack
B. Cookie poisoning
C. Verbose failure message
D. Bypass SAML-based SSO

A

Answer: C. Verbose failure message

91
Q

Which of the following is a built-in tool of Burp Suite that is used for inspecting and modifying traffic between a browser and a target application?

A. Intruder tool
B. Sequencer tool
C. Intercepting proxy
D. Application-aware

A

Answer: C. Intercepting proxy

92
Q

Which of the following attacks allows an attacker to inject malicious content, modify the user’s online experience, and obtain unauthorized information?

A. Session prediction
B. Session brute-forcing
C. Session poisoning
D. Cross-site request forgery

A

Answer: C. Session poisoning

93
Q

Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens?

A. Application-aware spider
B. Intruder tool
C. Sequencer tool
D. Intercepting proxy

A

Answer: C. Sequencer tool

94
Q

What technique is used to perform a connection stream parameter pollution (CSPP) attack?

A. Adding multiple parameters with the same name in HTTP requests
B. Injecting parameters into a connection string using semicolons as a separator
C. Setting a user’s session identifier (SID) to an explicit known value
D. Inserting malicious JavaScript code into input parameters

A

Answer: B. Injecting parameters into a connection string using semicolons as a separator

95
Q

Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses?

A. Banners
B. Proxies
C. Firewalls
D. Web spiders

A

Answer: D. Web spiders

96
Q

An attacker wants to exploit a webpage. From which of the following points does he start his attack process?

A. Identify server-side functionality
B. Identify entry points for user input
C. Identify server-side technologies
D. Map the attack surface

A

Answer: B. Identify entry points for user input

97
Q

Which of the following data can be gathered by attackers after infecting the Google Chrome browser?

A. User’s spoken language
B. Legal documents related to the organization
C. Partners of the organization
D. News articles, press releases, and related documents

A

Answer: A. User’s spoken language

98
Q

Which of the following is a DNS interrogation tool that allows an attacker to retrieve information about the location and type of servers related to the target web infrastructure?

A. Vega
B. Halberd
C. Domain Dossier
D. WAFW00F

A

Answer: C. Domain Dossier

99
Q

Which of the following attacks can be performed using information regarding the database interaction of a target web application?

A. Directory traversal
B. Cross-site scripting
C. Username enumeration, password brute-forcing
D. SQL injection, data leakage

A

Answer: D. SQL injection, data leakage

CEH v12 Exam Prep "Hard" (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions